How to Remove ‘mshelper’, The Latest Mac Malware

macOS: Malware called “mshelper” is burning through CPU cycles, possibly as part of a crypto-mining scheme.

Checking if you have the malware is easy: just open Activity Monitor and search for “mshelper.” Killing the process doesn’t do anything—it just opens again—but users have reported that running Etrecheck, which runs diagnostics and removes malware, gets rid of mshelper quickly. Alternatively you can manually delete two files:

  • /Library/LaunchDaemons/com.pplauncher.plist
  • /Library/Application Support/pplauncher

Do that, then kill the process, and mshelper should be gone.

The malware was noticed by users on Apple’s forums and on Reddit, but what is it actually doing? That part is not clear. Here’s Malcolm Owen, writing for Apple Insider:

It is unknown what exactly mshelper is doing to utilize the processor at such a high rate, but speculation on the Apple support forum suggests it could be some form of adware, or possibly a program used for mining cryptocurrency on a victim’s computer. Aside from using the processor, there also doesn’t seem to be any other issues it causes on affected desktops.

Whatever the application is up to, you don’t want it. Remove it as soon as you notice it.

Justin Pot is the News Editor for How-To Geek. He lives in Hillsboro, Oregon. Follow him on Twitter and Facebook, if you want. You don't have to.