MSHelper is a crypto-mining program that was found running on many Mac OS X devices in May 2018 without the user's approval. The MSHelper miner is suspected to arrive on systems via software bundles that did not disclose information on their components properly. The MSHelper miner is utilized by third parties to hijack processing power, mine for Monero (XMR) digital coins and earn a profit. The MSHelper program facilitates a crypto jacking campaign and enables the threat actors to earn money using hardware they do not own. The impact of the MSHelper crypto jacker is believed to decrease the life of laptop batteries, the productivity of central processing units (CPUs), and damage hard drives due to the heat produced by stressed CPUs.
The symptoms associated with the MSHelper activity include poor performance due to the high CPU usage; hot hardware due to more power going to the CPU; increased fan speed due to the system's efforts trying to cool the CPU. The MSHelper crypto-jacker is reported to appear in the Activity Monitor utility as 'mshelper' and access files from the LaunchDeamons and the Application Support directories. The MSHelper crypto-jacker is known to access a file called 'com.pplauncher.plist' from LaunchDeamons and the configuration settings from the 'pplauncer' under the Application Support. The users can initiate a Spotlight search if they wish to search for the files used by the MSHelper miner. Also, opening the CPU tab within the Activity Monitor utility may provide insight on the currently running programs on your system. If you find MSHelper among the running process, consider using a reliable anti-malware instrument to remove the program. AV companies flag related files with the name 'OSX/mshelper.'