Another cryptocurrency miner, in this case for Monero, found by SentinelOne at the end of 2017. An infection can occur when downloading pirated software from a variety of sources; the lure could be a fake Flash Player or a malicious link in a YouTube video's description.

Source: SentinelOne


The malware is a modified version of one of the Monero miners. CPUMeaner creates the LaunchAgent “/Library/LaunchAgents/com.osxect.cpucooler.plist” for persistence.


Source: CheckPoint



Links:


Samples:
63825b6d6d120131c83906136fcd027b482ef5ee
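
A host check built on the LaunchAgent path and sample hash listed above, as an added example that is not part of the original write-up. It assumes the agent's plist uses the standard launchd `Program` / `ProgramArguments` keys; the `scan` function and its `root` and `known_sha1` parameters are hypothetical names, and the page does not say whether the listed hash is the launched binary or an installer, so a hash mismatch does not clear a host.

```python
import hashlib
import plistlib
from pathlib import Path

PLIST_NAME = "com.osxect.cpucooler.plist"                 # LaunchAgent name from the page
SAMPLE_SHA1 = "63825b6d6d120131c83906136fcd027b482ef5ee"  # sample hash from the page


def launch_target(plist_path):
    """Return the executable a launchd job starts, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)          # handles XML and binary plists
    except Exception:                        # malformed or unreadable plist
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments") or []
    target = job.get("Program") or (args[0] if args else None)
    return target if isinstance(target, str) else None


def sha1_file(path):
    """Stream a file through SHA-1 so large binaries are not read at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root="/", known_sha1=(SAMPLE_SHA1,)):
    """Flag agents in <root>/Library/LaunchAgents by plist name or binary hash."""
    root = Path(root)
    findings = []
    for plist in sorted((root / "Library" / "LaunchAgents").glob("*.plist")):
        target = launch_target(plist)
        binary = root / target.lstrip("/") if target else None
        sha1 = sha1_file(binary) if binary and binary.is_file() else None
        reasons = []
        if plist.name == PLIST_NAME:         # persistence item named on the page
            reasons.append("plist-name")
        if sha1 in known_sha1:               # catches a renamed plist
            reasons.append("binary-sha1")
        if reasons:
            findings.append({"plist": str(plist), "target": target,
                             "sha1": sha1, "reasons": reasons})
    return findings
```

Pass the mount point of a disk image as `root` to check an offline system; each finding reports the binary the agent launches, which is the next file to collect and remove alongside the plist.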