Cryptojacking is becoming one of the most common types of malware on all personal computers. This technique uses crypto miners to employ your computer’s resources to mine cryptocurrency — most commonly, Bitcoin. Bitcoin miner virus is one example of a crypto miner that does exactly this.


What is the Bitcoin miner virus, and what do you need to know about it?

This malware isn’t a virus, but it still causes problems for anyone whose Mac is infected by it. It’s actually a browser hijacker downloaded, like other browser hijackers, by concealing itself in a bundle with another piece of software.

That could be either a fake update to something like Flash or an app that’s outdated and has been hijacked. Some malware also comes bundled in download managers used by popular download sites. However it gets onto your Mac, once it’s there, Bitcoin miner redirects your browser’s homepage and displays intrusive adverts. Those adverts contain code that uses your Mac’s CPU cycles and RAM to mine for cryptocurrency.

How to check your device for Bitcoin mining malware

There are various things you can check to see if you have Bitcoin miner malware on your Mac. Here are a few of the possible signs.

Your computer is slowing down, and your CPU is being chewed up

Cryptojacking is like any other malware — it loves to devour CPU and memory on a Mac. If your machine starts to slow down, go to the Activity Monitor and filter the processes in CPU and Memory, placing the highest consuming programs at the top.

Are there any that look suspicious and are taking up a large chunk of your CPU and memory? Look for ones with random nonsensical characters. Also, look for any with the following in their names: xmrig, minerd, cpuminer, crypto, and coin.

Your device’s battery is heating up

All of this overtaxing of the CPU is going to make your Mac battery work harder than usual. This will have the inevitable knock-on effect of the battery getting hot.

What are the consequences of Bitcoin malware doing this to your machine? The inner workings of the Mac could get damaged, and your Mac could crash frequently.

Extensions and apps are being installed without your permission

If you start to notice things being added to your browser or to the macOS system itself, that is a huge red flag and shouldn’t be ignored. Malware needs a home base to coordinate with — and it’s usually an app or an extension.

Pop-up ads are all over the place

The Bitcoin mining virus wants your personal details, especially your credit card number. To get it, pop-ups will start swarming, possibly trying to scare you with alerts of problems with your computer, such as “Virus Alert!” Yes, it’s ironic, isn’t it?

When you click on such an ad, you’ll be prompted to buy a piece of trash software to address a problem that doesn’t even exist.

Your Wi-Fi is constantly crashing

Crypto mining malware also needs a connection to the outside world, which gives you another way to detect it: your internet connection. The amount of data it needs to transport is such that a Wi-Fi network connection will often struggle to keep up. In many cases, the overload will cause it to crash.

Anti-malware tools won’t open or update

It’s obviously not in the Bitcoin Miner virus’ best interest to have anti-malware tools open. It will do its best to stop those platforms from opening up and updating. The same goes for your macOS updates, which will be interfered with, too.

How to remove Bitcoin miner Mac virus

There are several steps to removing Bitcoin miner from your Mac. You need to quit the running process, remove login items, and then remove the extension from every web browser you use.

Quit the process

1. Launch Activity Monitor from Applications > Utilities.

2. Look for any processes that look like they may be connected to bitcoin or a cryptocurrency.

3. If you find a process, select it and then press the Stop button in the toolbar (it’s an ‘x’).

4. Repeat for any other processes that look like they’re connected to cryptocurrency.

5. Quit Activity Monitor.

If you find a process that you think might be suspicious, but you’re unsure, google its name. Chances are that someone else will have found it on their Mac, and there will be information about it. 

Check your Login Items

Some malware installs login items, so it launches whenever you boot your Mac. Here’s how to check:

  1. Launch System Settings from the Apple menu.
  2. Go to General > Login Items & Extensions.
  3. Review the login items. If any look suspicious, select them and press the minus sign button (-) to remove them.

Remove the extension from Safari

  1. Launch Safari and choose Preferences from the Safari menu.
  2. Click on Extensions.
  3. Look for an extension that you haven’t deliberately installed and which looks suspicious.
  4. If you find one, click Uninstall on it.
  5. Now choose the General tab.
  6. Check the URL of your homepage; if it has been altered, change it back to your preferred homepage.

Remove the extension from Chrome

  1. Launch Chrome and click on the three dots on the right-hand side.
  2. When the menu drops down, click on More Tools and then Extensions, or you can type ‘chrome://extensions’ into the address bar.
  3. Check the installed extensions. If there are any you haven’t chosen to install or that look suspicious, press Remove.
  4. Type ‘chrome://settings’ in the address bar.
  5. Scroll down to “On start-up.” 
  6. If the setting has been altered, change it back to your preference.

Remove the extension from Firefox

  1. Launch Firefox.
  2. Click on three horizontal lines on the right of the toolbar and choose Add-ons.
  3. Select Extensions.
  4. Look for an extension likely to be related to Bitcoin miners.
  5. If you find one, click Remove.
  6. Click on the three horizontal lines again and choose Preferences. 
  7. Select Home.
  8. Set “Homepage and new windows” to your preferred homepage. 

Reset browser settings to get rid of the crypto miner virus

Another process you need to undertake is to manually check your browser settings for signs of interference and reset everything back to normal.

Safari

  1. Safari > Settings > Extensions. Remove any unknown ones.
  2. Safari > Settings > General. Reset your homepage.
  3. Safari > Settings > Search. Reset your default search settings.

Chrome

  1. Settings > Extensions > Manage Extensions. Remove any unknown ones.
  2. Settings > Appearance. Reset your homepage.
  3. Settings > Search Engine. Reset your default search settings.

Firefox

  1. Settings > Addons & Themes. Remove any unknown ones.
  2. Settings > Home. Reset your homepage.
  3. Settings > Search. Reset your default search settings.

Clear cache and cookies

Finally, clear the cache and cookies in your browser.

Safari

Safari > Clear History… Delete all cache and temporary internet files.

Chrome

Settings > Privacy and Security. Delete all cache and temporary internet files.

Firefox

Settings > Privacy & Security. Delete all cache and temporary internet files.

Check Launch Daemons and Agents

Now, it’s time to delve a bit deeper into the MacBook settings to check Launch Daemons and Agents.

Open Terminal and type in the following, one at a time:

ls /Library/LaunchDaemons/

ls /Library/LaunchAgents/

ls ~/Library/LaunchAgents/

Go through the folder that appears for each one and look for anything related to cryptocurrency. Words to watch for include “crypto,” “miner,” “bitcoin,” or anything with random gibberish. If you find any, delete them from the folder and the trash can.
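
The name check in Activity Monitor and the Launch Daemons and Agents check above can be scripted. This is an added example, not part of the original article: the function names are hypothetical, the keyword list combines the words the article names, and the check of plist contents goes one step beyond the file-name check described in the text.

```sh
#!/bin/sh
# Added example: keyword triage of process names and launchd plists on macOS.
# The keywords are the ones listed in the article; a hit is a lead to review,
# not a verdict, because legitimate software can match them too.
KEYWORDS='xmrig|minerd|cpuminer|crypto|coin|miner|bitcoin'

matches_keyword() {   # case-insensitive match of $1 against the keyword list
    printf '%s\n' "$1" | grep -Eiq -- "$KEYWORDS"
}

# Reads "PID %CPU COMMAND" lines on stdin and prints those whose executable
# name (last path component) matches a keyword.
flag_processes() {
    while read -r pid cpu cmd; do
        if matches_keyword "${cmd##*/}"; then
            printf '%s\t%s\t%s\n' "$pid" "$cpu" "$cmd"
        fi
    done
}

# Prints "reason<TAB>path" for each .plist in the given directories whose file
# name or contents match. The content check catches a plist with a harmless
# name whose ProgramArguments launch a miner binary.
scan_launch_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -e "$plist" ] || continue            # glob matched nothing
            if matches_keyword "${plist##*/}"; then
                printf 'name\t%s\n' "$plist"
            elif grep -Eiq -- "$KEYWORDS" "$plist"; then
                printf 'content\t%s\n' "$plist"
            fi
        done
    done
}

# On a Mac, run both checks against the live system.
if [ "$(uname)" = "Darwin" ]; then
    ps -ax -o pid= -o pcpu= -o comm= | flag_processes
    scan_launch_dirs /Library/LaunchDaemons /Library/LaunchAgents \
        "$HOME/Library/LaunchAgents"
fi
```

Binary plists may not expose their strings to grep; `plutil -p <file>` prints any plist in readable form for a manual look.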

Delete all unknown configuration files

Malware will usually set up its own configuration files to give itself the necessary permissions to do its tasks. So go to System Settings > General > Device Management and delete any unknown profiles.

Reinstall the operating system

In some cases, your only feasible course of action to remove crypto mining malware may be to completely wipe your MacBook and reinstall macOS. Luckily, Apple has made this extremely easy with recent macOS versions, but you should still back up all essential files to iCloud.

Be circumspect, though, about what you back up. The last thing you want to do is back up the Bitcoin Miner malware.

To get the process started, go to System Settings > General > Transfer or Reset. Click Erase All Content and Settings. Ensure that FileVault is disabled before you begin.

You have now removed Bitcoin miner from your Mac, and it should not trouble you anymore.


How to protect your Mac from malware

To avoid downloading Bitcoin miner Mac virus or any other malware, be vigilant about the websites you visit and the files you download. If your web browser warns you that a site is not secure or macOS warns you that an app you have downloaded needs manual intervention to permit its installation, don’t ignore the warnings. Think very carefully about whether you want to visit the website or install the app.

If you’re worried that you may have downloaded malware, consider scanning your Mac using an antivirus tool. Alternatively, CleanMyMac has a Protection feature that can scan your Mac and alert you to any malware it finds, then remove it with a click.

Here’s how it works:

  1. Sign up for 7 free days with CleanMyMac.
  2. After installation, select Protection on the left. This opens the malware removal tool.
  3. Click the Scan button. CleanMyMac will start methodically searching your Mac, looking for all traces of crypto miner viruses such as Bitcoin Miner.
  4. When any threats have been found, select all the files shown and click Remove.

Bitcoin miner Mac virus isn’t a virus, but it can cause trouble for your Mac because it may steal CPU cycles and RAM to use them to mine cryptocurrency. It may also steal personal data and display intrusive adverts in your web browser. Getting rid of it is straightforward, though, by following the steps above. If you’re worried about other malware you may have downloaded, you can scan your Mac using an antivirus tool or CleanMyMac’s Protection feature.