News

How to Detect and Remove The Mac ‘mshelper’ Malware

Is your Mac’s fan running at a high rate or you’re seeing a much reduced battery life than normal, you’ll want to check for the mshelper malware that is showing up around Mac land.

9to5Mac:

A couple of support threads have described people finding a process called mshelper using a lot of CPU usage.

From the little that’s known about it so far, it seems this is either adware or a cryptocurrency miner. Despite the heading in the Reddit thread, there’s no evidence that it’s a virus, so the most likely explanation for its spread is a sketchy download which installs it alongside some other app.

To check for mshelper, launch Activity Monitor and then click on the CPU tab to sort by highest CPU usage. If mshelper is on your Mac, it should show up near the top of the list.

If it is present, simply killing the process doesn’t fix things, as it will restart itself. But you can remove it from your system by deleting the following two files:

  1. /Library/LaunchDaemons/com.pplauncher.plist
  2. /Library/Application Support/pplauncher/pplauncher

The Reddit and Apple Support threads above mention a utility called “EtreCheck” that is said to be able to find the malware, even when other apps can’t. We can’t vouch for its accuracy, so run that one at your own risk.

Until Apple adds the malware to their macOS blacklist to disable it, the above should solve it short term.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.