JS:miner-C has been identified by a number of malware experts as a cryptocurrency mining Trojan. It affects both Macs and PCs and is usually downloaded via a malicious website that is masquerading as a legitimate service. Once on your Mac, it hijacks resources and may install other malware. 

What is a cryptocurrency mining Trojan?

Cryptocurrency is virtual money that is stored digitally. It’s ‘earned’ through a process known as mining, where computers solve cryptographic puzzles to add currency to a wallet.  However, as cryptocurrencies have matured, the puzzles have become more difficult to solve, and so need more computing power to solve them. This has led hackers to create cryptocurrency mining Trojans, or crypto jackers as they are also known. 

This malware once downloaded and installed, hijacks the CPU and memory resources of the host computer to use them to mine for cryptocurrency. The proceeds are sent to the hacker’s wallet. In effect, your Mac becomes part of a botnet, working for the hacker to solve cryptographic puzzles and generate currency. Cryptojackers may also steal data and install other malware.

JS:miner-C is a type of cryptocurrency mining Trojan, that's where the ‘miner’ in its name comes from. The ‘JS’ means ‘JavaScript’, which is the method the malware uses to attack the host computer, and the ‘c’ describes one variant of JS:miner.

What else does this malware do?

According to reports, JS:miner-C may also do any or all of the following:

  • Take screenshots 
  • Log keystrokes 
  • Attempt to gain access to any Bitcoin wallet stored on your Mac
  • Steal data including user login credentials and passwords
  • Install other malware.

How will I know if I have downloaded it?

There are a number of possible clues that you’ve been hijacked by a crypto jacker. These include:

  • Your computer is running slow
  • Your computer’s hanging or freezing
  • It’s running out of memory when trying to complete tasks
  • It’s behaving erratically 

If JS:miner-C has also installed other malware, you may also notice adverts being displayed on your desktop or web browser. The adverts appear because, like other malware, JS:miner-C may install malicious extensions in your web browser that act as adware. Don’t worry, we’ll show you how to get rid of those extensions later in this article.

You can check whether there is malware slowing down your Mac using Activity Monitor, which displays the name of processes running on your Mac, along with the CPU, memory. And network bandwidth they’re using.

The fastest way to remove JS:miner-C from your Mac is to use an app notarized by Apple, like CleanMyMac X. I scan my Mac with CleanMyMac X regularly to remove malware. CleanMyMac X doesn’t let you delete anything important on your Mac, like system files and other items. It monitors your Mac in the background mode and notifies you when the threat is detected. 

How to remove JS:miner-C from your Mac

Here’s the fast way to remove JS:miner-C using CleanMyMac X:

  1. Download, install and launch CleanMyMac X.
  2. Choose Malware Removal in the sidebar.

  3. Malware removal module of CleanMyMac
  4. Hit Scan and wait till CleanMyMac X checks your Mac for JS:miner-C.
  5. If anything found, press Remove.

That’s it, the malware detected on your Mac will all be removed!

Quit malicious processes in Activity Monitor

  1. Go to Applications>Utilities on your Mac and launch Activity Monitor.
  2. Click on the CPU column heading to the list process by the order in which they are consuming CPU cycles.
  3. Starting at the top look for any suspicious processes.
  4. If you find any, Google their name. If they turn out to be malware, select them and press the ‘Quit Process’.

Get rid of suspicious applications

  1. Review your Applications folder.
  2. If you find anything that looks suspicious, drag it to the Trash.

Tip

Dragging an app to the Trash doesn’t uninstall it. To do that, you need to remove all of its associated files. The best way to uninstall an app is to use a dedicated uninstaller tool. I recommend CleanMyMac X. It’s safe, easy to use and will remove all the files associated with an application with one click.


Remove Launch Agents and Daemons

Malware apps can launch automatically when you restart your Mac, so they often install launch agents or daemons to allow them to do that. Here’s how to remove them:

  1. In the Finder, click on the Go menu.
  2. Paste the following into the box: ~/Library/LaunchAgents
  3. Look for any files that have names similar to 'JS:miner'
  4. Drag them to the Trash.
  5. Return to the Go menu and paste: /Library/LaunchDaemons
  6. Repeat steps 3 and 4.

Did you know? 

CleanMyMac X can also remove Launch Agents with just a couple of clicks. Go to the Optimization tab and choose Launch Agents. Select those you want to remove and click Remove.


Delete suspicious browser extensions

Here’s how to delete suspicious extensions in any browser you may use: 

Safari

  1. Click on the Safari menu and select Preferences.
  2. Go to the Extensions tab and locate any extensions that look suspicious.
  3. Click on the extension and press uninstall.

Google Chrome

  1. Paste or type this text in the address bar: chrome://extensions
  2. Look for any extensions you don’t recognize.
  3. If you find a suspicious extension, press Remove next to it.

Mozilla Firefox

  1. Click on the three lines at the right of the address bar.
  2. Select “Add-ons and themes” and choose Extensions.
  3. Search for any extensions that seem suspicious or that you don’t remember installing.
  4. Click the three-dot button and choose “Remove”.

The JS:miner-С Trojan is one variant of a type of malware that uses JavaScript to install a cryptocurrency miner on your Mac. That cryptocurrency miner then hijacks your Mac’s CPU, memory and network resources to mine for cryptocurrency and send the proceeds to the hacker, while your Mac will run more slowly and more erratically. Fortunately, it’s not very difficult to get rid of, though it can be a laborious process. However, if you use CleanMyMac X to get rid of launch agents and rogue browser extensions, it will be much quicker and safer.