Security

XMRig Virus

By James Wemyss
April 25, 2024

In this article you will find the following:

XMRig is a cryptocurrency mining app that hackers may attempt to install on your MacBook. It uses your device’s processor and GPU to mine the Monero cryptocurrency. If it succeeds in that, XMRig then transfers the mined crypto to a criminal’s digital wallet.

 

The increased interest in and value of cryptocurrencies has provided criminals with abundant new opportunities to scam and steal from innocent people. If you’ve ever read about crypto mining before, you’ll be aware of how resource-intensive it can be on your processor and your GPU—and that’s not to mention your energy bill. Because of this, criminal gangs want to steal your Mac’s power and use it to mine crypto, which goes directly into their wallet.

 

Stay tuned, and we’ll show you how to detect and how to protect yourself from the XMRig malware.

Before we start:

 

Though in this guide we’ll show you exactly how to find and remove the XMRig virus, there are many other common Mac viruses that your Mac could be vulnerable to. To stay protected from malware infections, the best method is always to use an antivirus. MacKeeper’s Antivirus will protect your Mac in real time and will quarantine the found threats so that you and your personal data is kept safe.

 

Here’s how to use MacKeeper’s Antivirus:

  1. Download MacKeeper.
  2. Select Antivirus from the side menu.
  3. Click Start Scan to search your Mac for malware.
  4. Enable Real-Time Protection and you will be automatically protected from threats as soon as they arrive at your Mac.

What is XMRig virus

XMRig is an open-source crypto miner used to complete proof-of-work processes to obtain the Monero cryptocurrency. Monero is similar to Bitcoin, except it anonymizes transactions, rather than all transactions being visible on the blockchain. This makes it the ideal crypto for criminal gangs and hackers.

 

XMRig is safe to install; however, hackers have created cracked versions of it that use your Mac’s CPU and GPU to mine Monero and transfer the crypto to their wallets. Moreover, crypto mining is incredibly resource-intensive, meaning it’ll use lots of your electricity, increasing your energy bills drastically.

How XMRig virus can get on your Mac

Typically, XMRig infects Macs using the bundling method. This is when criminals bundle contaminated software with other, legitimate programs. The legitimate looking app will likely be cracked by the hackers, and, upon installation, install the XMRig Trojan on your MacBook without your consent.

 

Here are the ways XMRrig can get on your Mac:

  • Downloading apps from unknown sources
  • Clicking dodgy links in emails or on websites
  • Visiting websites which don’t begin with https://
  • Installing apps for which the publisher is unknown
  • Having a Mac that has already been compromised by hackers

How does the XMRig virus work

The XMRrig Trojan horse virus works by installing a tampered with version of the XMRig app. This will exploit your Mac’s CPU and GPU to mine crypto and send the profits directly to the hackers - this will affect your Mac’s performance and cost you money.

How to check for XMRig malware on your macOS

If you want to know how to check for viruses on Mac, the best way is to always use an antivirus. However, there are a number of ways you can spot the XMRig Trojan (or any other malicious software) by being cautious online and observing your Mac’s performance. To check for XMRig malware on macOS:

  • Check if Activity Monitor is showing XMRig processes.
  • Observe if your Mac is running much hotter than usual.
  • Check if your Mac is beginning to show huge decreases in performance for no reason.
  • Make sure all of your apps are downloaded from the Mac App Store or the official website of the app developer.
  • Observe if your MacBook’s battery is running out much quicker than usual.
  • Look in your Applications folder for any apps you don’t remember installing.

How to remove the XMRig virus from your Mac

To remove XMRig virus from your Mac, you need to check your Applications folder for any apps that you didn’t install. Particularly, those named XMRig, MPlayerX, or NicePlayer. If you notice any of these apps, immediately drag these apps to your Trash and then empty your Trash to remove XMRig from your device.

To remove XMRig virus from Mac, find the suspicious app by opening Finder and go to the Applications folder from the side menu. Right click on a suspicious app you want to remove, and hit Move to Trash.
Step 1. Finder > Applications > right-click on malicious App > Move to Trash
To remove XMRig from Mac, once you have deleted the app from your Applications folder, click on the Trash icon in your Dock. Then, click Empty in the top right corner to permanently delete the malware from your Mac.
Step 2. Select Trash from your Dock > click Empty > Empty Trash

There are a few ways you can remove the XMRig virus on a Mac, but we’d always recommend scanning your Mac for viruses if you suspect your security may be compromised. If you want to get rid of XMRig miner, look no further and follow our full guide below:

  1. Delete XMRig virus manually
  2. Use MacKeeper antivirus to uninstall the XMRig virus from your Mac
  3. Clear your browser with the MacKeeper adware cleaner tool

1.  Delete XMRig virus manually

Though XMRig can be deleted manually, it can often hide itself within other apps or be installed outside your Applications folder, making it incredibly difficult to spot. For this reason, we always recommend using antivirus software, as it scans your entire system. But, if you’d still like to know how to delete malware from Mac manually, follow our guide below:

  1. First, you need to find XMRig manually using Activity Monitor, to do this, press command + space, type in Activity Monitor and hit Enter.
  2. To stop XMRig, go to the CPU tab in Activity Monitor, and observe for any apps you don’t recognize which are using an unusually high percentage of your CPU.
  3. Double-click on the suspicious app, then click Open Files and Ports.
  4. This will provide you with file paths which enclose the malicious software.
  5. Use Finder to navigate to the enclosed folder and move the dodgy app to your Trash.
To delete XMRig virus manually on Mac, first press command + space to open Spotlight Search. Then, type in Activity Monitor and press Enter.
Step 1. Command + Spacebar > Type Activity Monitor > Enter
To manually remove the XMRig trojan virus, select the CPU tab in Activity Monitor and observe for any unknown app which is using a high percentage of your CPU. Then, double click on the suspicious app in Activity Monitor.
Step 2. CPU tab > spot suspicious apps using lots of CPU power > double click on it
To manually remove XMRig from Mac, go to the Open Files and Ports tab in Activity Monitor on the suspicious app. Scroll through the dialog box to locate where exactly the dodgy app is running from. Then, use Finder to locate the app and move it to your Trash.
Step 3. Open Files and Ports > identify filepath > delete app using Finder

Hint from our experts:

 

Though it is possible to identify XMRig using the Activity Monitor, finding the correct file path is tricky—especially if the malicious app is located within a hidden or system folder—which won’t appear in Finder right away. If you do spot an unknown app using lots of CPU power, we strongly recommend you use MacKeeper’s Antivirus immediately to identify the virus and protect your Mac from scammers.

2. Use MacKeeper antivirus to uninstall the XMRig virus from your Mac

Though XMRig will be noticeable in your Mac’s Activity Monitor, it can still be tricky to find where exactly the hackers have installed it to delete XMRig miner. Moreover, common viruses such as XMRig are constantly tweaked by hackers to remain undetected on your computer. For this reason, the best way to uninstall XMRig is to use antivirus software.

 

Here’s how you can use MacKeeper’s Antivirus to uninstall the XMRig virus from Mac:

  1. Download and install MacKeeper.
  2. Go to Antivirus.
  3. Press the Start Scan button, and MacKeeper will scan your entire system for suspicious software.
  4. Hit Enable on the Real-Time Protection button to stay protected from threats 24/7.
  5. If anything is found, MacKeeper will quarantine viruses in a safe place on your Mac. The app will then ask you to confirm that you’d like to delete the virus and will remove the threat from your Mac.
To remove the XMRig virus from your Mac using an antivirus, open MacKeeper and select Antivirus from the side menu. Then click Enable on real-time protection, and hit Start Scan.
Step 1. Open MacKeeper > Antivirus > Enable Real-time protection > Start Scan
To remove the XMRig miner virus from your MacBook, allow MacKeeper to scan your Mac for viruses. This may take a few minutes, as it is scanning every inch of your Mac, including system files and folders, for any threats.
Step 2. Wait for a few minutes as MacKeeper scans your Mac for threats
To uninstall the XMRig virus from Mac, once MacKeeper has completed the scan, it will inform you of any viruses detected. Then, when prompted, MacKeeper will quarantine and delete the viruses automatically.
Step 3. If you have a virus on your Mac, MacKeeper will identify and remove it

3. Clear your browser with the MacKeeper adware cleaner tool

As with most viruses, XMRig typically reaches your Mac through your web browser. Scammers use pop-ups and bogus ads on dodgy websites to convince you that an app needs updating. For the XMRig Trojan, criminals usually disguise it as a fake Adobe Flash Player update to convince unwitting victims to install it. But there’s a solution—MacKeeper’s StopAd feature protects your Mac from fake adverts and malicious pop-ups, and also stops websites from tracking you online.

 

Use MacKeeper’s StopAd to protect your browsing through Safari:

  1. Download MacKeeper.
  2. Go to StopAd from the side menu.
  3. Select Enable on the Safari extension option.
  4. Click Open Safari Preferences.
  5. Tick all the MacKeeper extension boxes in Safari, and you’ll be protected immediately.
To protect yourself from the XMRig virus on the Safari web browser on Mac, download MacKeeper and pick to the StopAd option from the menu. Then click Enable Safari extension.
Step 1. MacKeeper > StopAd > Enable Safari extension
To protect from XMRig virus on Safari browser on Mac, click the Open Safari Preferences button when prompted by MacKeeper, which will take you to your Safari extensions.
Step 2. Click Open Safari Preferences from the dialog box
To use StopAd to protect from the XMRig virus on Mac, in the Safari extensions menu, tick all four MacKeeper extensions for full protection from ads, pop-ups and online tracking.
Step 3. In Safari Preferences, tick all 4 MacKeeper boxes to protect yourself online

If you use Google Chrome as your default web browser, follow these instructions to enable MacKeeper’s StopAd on your Mac:

  1. Download and install MacKeeper.
  2. Go to StopAd from the side menu in MacKeeper.
  3. Click Install Chrome extension.
  4. You’ll be taken to the Chrome web store. Here, lick the Add to Chrome button.
  5. After that, StopAd will be added to your Extensions toolbar.
To protect yourself from XMRig using Chrome browser on Mac, open MacKeeper and select StopAd from the menu. Then, select Install Chrome extension.
Step 1. Open MacKeeper > StopAd > select Install for Chrome
To use StopAd to protect against XMRig virus using Chrome on Mac, MacKeeper will direct you to the MacKeeper StopAd page on the official Chrome Web Store. Simply click Add to Chrome.
Step 2. MacKeeper will take you to the Chrome web store—click Add to Chrome
To use StopAd on Google Chrome on Mac - click Add Extension from the dialog box when prompted. This will help to protect you from the XMRig virus.
Step 3. Click Add Extension, and StopAd will be added to your Chrome browser

How to avoid XMRig virus

Now you know how to spot and remove the XMRig virus, we’d like to instruct you on how to protect yourself against it and other types of phishing attacks. Generally, this involves being vigilant online, and it always helps to be suspicious of any advert or pop-up. See and follow our top tips to avoid the XMRig virus below:

  • Use reliable antivirus software with real-time protection to ensure threats are disarmed and removed before they damage your Mac or harvest your personal information.
  • Be always skeptical of any website telling you to run an update. For instance, Adobe Flash Player has been discontinued, so ignore its update notifications.
  • Avoid installing apps from unknown sources. Instead, download apps from the Mac App Store of official websites where possible.
  • Use ad blocking software such as MacKeeper’s StopAd to prevent malicious ads from reaching your Mac.
  • Be vigilant to spam emails, and don’t open attachments or click on links from people you don’t trust.
  • Ensure macOS is up-to-date so that you have Apple’s latest security patches to protect you from scams.

Protect yourself from XMRig and other crypto mining viruses

Crypto scams like XMRig take advantage of people with little knowledge of what crypto is, and how it’s created. Besides, they’re constantly inventing new routes to make illicit money. Hopefully, by now, after reading through our full guide to uninstalling XMRig, you’re aware of crypto mining scams and know how to identify viruses like XMRig on your Mac.

 

Our experts at MacKeeper will always strongly recommend you install antivirus software to protect yourself from threats and safely remove them should they reach your device. Our security tools, such as MacKeeper’s Antivirus and StopAd, are great ways for you to stay safe online, bringing you peace of mind.

 

What’s more, MacKeeper also includes lots of other handy features to keep your Mac performing at its best. For example, Memory Cleaner can free up RAM at the touch of a button to speed up your Mac, while Safe Cleanup helps you to locate and delete useless junk files that take up space on your hard drive. Try it all—performance, security, and privacy—by installing MacKeeper today.

FAQ about XMRig virus on Mac

1. Is XMRig a malware?

Yes and no. XMRig is a genuine app; however, hackers have created tampered versions of it, which act just like malware does. Rather than stealing personal info like many scams, XMRig uses your computational resources to funnel cryptocurrency to illicit digital wallets.

2. Is the XMRig program safe?

If you want to mine the Monero cryptocurrency, then yes, XMRig is safe to install. However, if you didn’t install this app or have no interest in mining Monero, avoid the possibility of your Mac becoming a victim of malware. Moreover, we do recommend installing an antivirus to remove XMRig from your computer as soon as possible.

3. How do I remove XMRig from my Mac?

The easiest way to remove XMRig from a Mac is to use antivirus, as it’ll be able to search your entire system (including hidden folders) to locate and isolate the threat from your device. It’s possible to remove XMRig manually by going to your Applications folder, but this may not delete the source of the threat like an antivirus would.

4. What is the purpose of XMRig crypto-mining malware?

Monero is a cryptocurrency that uses proof-of-work to verify mining and transactions. This means that if your Mac is affected by XMRig, your device will be completing complex math problems to generate new tokens. In turn, such behavior puts great strain on your Mac’s CPU and GPU and will end up costing you lots of money on your electricity bill. So, as mining cryptocurrency is inefficient and energy-intensive for most people, it’s not profitable to perform on your Mac. However, it’s an invaluable weapon in a hacker’s arsenal to make money at your expense.

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Written By

James Wemyss

James is a tech enthusiast who has been using Mac products for well over a decade. He’s a freelance writer passionate about sharing his expertise with others.

James is a tech enthusiast who has been using Mac products for well over a decade. He’s a freelance writer passionate about sharing his expertise with others.

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.

Click to Get Gift

Contents

Unlocked
PC

MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Read more

How to Get Rid of McAfee Pop-Ups on Mac
How to Get Rid of McAfee Pop-Ups on Mac
How to Get Rid of Advanced Mac Cleaner Virus
How to Get Rid of Advanced Mac Cleaner Virus

Download MacKeeper when you're back at your Mac

or

Please enter your email so we can send you a download link

Check your email on your Mac

Install MacKeeper on your Mac computer to rediscover its true power.

arrow

Run Application

step_1

Click Continue

step_2

Click Install

step_1

Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.