Another CryptoCurrency miner, in this case Monero, found by SentinalOne at the end of 2017. An infection can occur when downloading pirate software from a variety of sources, it could be a fake Flash Player or a malicious link on YouTube in the video’s description.

Source: SentinalOne

The malware is a modified version of one of the Monero miners. CPUMeaner creates the LaunchAgent “/Library/LaunchAgents/com.osxect.cpucooler.plist” for persistence.

Source: CheckPoint

Source: CheckPoint