
CpuMeaner

Posted: April 15, 2020

CPUMeaner is a cryptocurrency-mining Trojan that's a modified version of XMRig. CPUMeaner targets macOS systems, including old versions of OS X. Users should be especially wary of downloads offered as cracks or other illicit media, and should let their preferred anti-malware products remove CPUMeaner before it risks damaging the computer's hardware.

A Slightly Meaner Version of a Well-Known Program

The misuse of XMRig is fast becoming a tradition among threat actors, and it appears in campaigns as different as Clipsa, CrazyCoin, and Norman. While its 'official' support is for Windows, the mining application is also compatible with other operating systems. CPUMeaner demonstrates this by hijacking OS X systems and turning them into miners for the deploying criminal's benefit.

Although these tactics aren't the only possible infection vectors, many versions of CPUMeaner pose as cracks for premium software, such as Microsoft Office, PluralEyes, or Suitcase Fusion. Fake Flash Player installers and fake media such as movies and music are equally common. Some versions carry (usually revoked) code signatures as part of their disguise, and they may circulate on torrent networks.

Once installed in this fashion, CPUMeaner loads its variant of XMRig (a fork of version 2.3.1 or 2.4.2, for example). The attacker supplies the configuration as a series of default, hard-coded command-line arguments. The cryptocurrency-mining Trojan may use up to two hundred percent of the system's CPU to generate Monero for one or both of the threat actor's two wallets.
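As an added illustration (not code from the original write-up), the following Python triage script parses constructed macOS `ps` output and flags processes that carry hard-coded XMRig-style pool arguments of the kind described above, reporting per-process CPU above 100% alongside them; the process names, pool host and wallet string are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample of `ps -Ao pid,pcpu,comm,args` output from a macOS host.
# The renamed "mdworker" entry mimics an XMRig fork started with hard-coded
# pool arguments; the other rows are benign. Host and wallet are placeholders.
SAMPLE_PS = """\
  PID  %CPU COMM             ARGS
  312   0.4 /usr/sbin/cfprefsd /usr/sbin/cfprefsd agent
  845   2.1 /Applications/Safari.app/Contents/MacOS/Safari /Applications/Safari.app/Contents/MacOS/Safari
 1201 187.3 /Users/me/Library/.cache/mdworker /Users/me/Library/.cache/mdworker -o stratum+tcp://pool.example.invalid:3333 -u 4AAAAA...WALLET -p x -k --max-cpu-usage 100 --donate-level 0
 1330   0.0 /bin/bash /bin/bash
"""

# Real XMRig 2.x command-line switches; a benign binary almost never takes them.
MINER_FLAGS = {"-o", "--url", "-u", "--user", "-p", "--pass", "-k", "--keepalive",
               "--donate-level", "--max-cpu-usage", "--cpu-priority", "-a", "--algo"}
POOL_URL = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)

def parse_ps(text: str) -> List[Dict]:
    """Parse `ps -Ao pid,pcpu,comm,args` output into dicts (header skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, pcpu, comm, args = parts
        rows.append({"pid": int(pid), "pcpu": float(pcpu), "comm": comm, "args": args})
    return rows

def miner_indicators(proc: Dict, cpu_threshold: float = 100.0) -> List[str]:
    """Return the indicators that make a process look like a hard-coded XMRig fork."""
    found = []
    if POOL_URL.search(proc["args"]):
        found.append("stratum pool URL in arguments")
    hits = sorted(MINER_FLAGS.intersection(proc["args"].split()))
    if hits:
        found.append("xmrig-style flags: " + " ".join(hits))
    # macOS %CPU exceeds 100 when several cores are saturated, as the write-up notes.
    if proc["pcpu"] > cpu_threshold:
        found.append(f"sustained CPU {proc['pcpu']:.0f}% (> {cpu_threshold:.0f}%)")
    return found

def suspicious_processes(ps_text: str) -> List[Dict]:
    """Flag processes showing a pool URL or miner flags; CPU alone is not enough."""
    flagged = []
    for proc in parse_ps(ps_text):
        ind = miner_indicators(proc)
        if any(i.startswith(("stratum", "xmrig")) for i in ind):
            flagged.append({**proc, "indicators": ind})
    return flagged

if __name__ == "__main__":
    for p in suspicious_processes(SAMPLE_PS):
        print(p["pid"], p["comm"], "->", "; ".join(p["indicators"]))
```

On a live host, feed it `subprocess.run(["ps", "-Ao", "pid,pcpu,comm,args"], capture_output=True, text=True).stdout` instead of the constructed sample; a CPU-only hit is deliberately not flagged, since video encoders and builds also run above 100%.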

The maintenance of this Trojan's campaign is also worth noting. Malware experts are observing rotations of domains, certificates, and developer IDs. CPUMeaner itself is also receiving some limited patching, at least to the extent that it can self-terminate if it finds itself on an already-mining machine.

Rigging Yourself an Easy Retreat from Getting Mined

The blockchain-calculating requirements of cryptocurrency mining make the activity potentially hardware-damaging if the program is set up too recklessly. Although most threat actors prefer to use XMRig in a low-detection, low-impact configuration, malware analysts can't rule out the possibility of CPUMeaner damaging the CPU or other hardware. Monero mining may also cause general performance degradation, such as an unresponsive UI.

On the other hand, the installation tricks that CPUMeaner's campaign prefers are well-known and easily avoided. Software pirates always run the risk of infecting their computers, since they are trusting what is already illicit software in the first place. Merely avoiding torrents and illicit file-sharing websites should protect most Apple users from the risk of a CPUMeaner infection.

If evasion falters, a respected anti-malware program will flag and delete CPUMeaner. Old samples of the Trojan are receiving appropriate detection rates in just under one out of every two cases, so installing any available database updates could be a crucial step in blocking infections.

CPUMeaner is mean enough to make a lot of money from another programmer's work and many strangers' computers. Since the victims are themselves criminals of another stripe, though, it can be difficult to feel much pity for them.
