CpuMeaner is a cryptocurrency-mining trojan targeting macOS. It hides in pirated applications and secretly mines the Monero cryptocurrency using the user's CPU resources. The trojan was found on a supposed pirated version of the "Sketch" app and also found on a French fake torrent site. The threat has been observed in the wild since the second half of September 2017 with a detection ratio of zero on VirusTotal. Apple users have complained about installed executables xmemapp.exe and cpucooler.exe; both are custom builds of XMRig version 2.3.1, an open-course Monero CPU miner. Covert cryptocurrency mining operations have increased in the last few months, exploiting Android, Windows, Linux, and Chrome devices as a means to monetize infections. If threat actors keep CPU usage to a minimum, mining activity will likely go unnoticed by the average user. Cryptocurrency mining operations will likely continue to increase for the foreseeable future.

Technical Details

  • Technical analysis of CpuMeaner can be found from SentinelOne here.