What is JS:miner-C and how can I remove it from my Mac?
Before we start
Having spent some years coding applications for macOS, we’ve created a tool that everybody can use. The all-round problem fixer for Mac.
So here’s a tip for you: Download CleanMyMac to quickly solve some of the issues mentioned in this article. But to help you do it all by yourself, we’ve gathered our best ideas and solutions below.
JS:miner-C has been identified by a number of malware experts as a cryptocurrency mining Trojan. It affects both Macs and PCs and is usually downloaded via a malicious website that is masquerading as a legitimate service. Once on your Mac, it hijacks resources and may install other malware.
What is a cryptocurrency mining Trojan?
Cryptocurrency is virtual money that is stored digitally. It’s ‘earned’ through a process known as mining, where computers solve cryptographic puzzles to add currency to a wallet. However, as cryptocurrencies have matured, the puzzles have become more difficult to solve, and so need more computing power to solve them. This has led hackers to create cryptocurrency mining Trojans, or crypto jackers as they are also known.
This malware once downloaded and installed, hijacks the CPU and memory resources of the host computer to use them to mine for cryptocurrency. The proceeds are sent to the hacker’s wallet. In effect, your Mac becomes part of a botnet, working for the hacker to solve cryptographic puzzles and generate currency. Cryptojackers may also steal data and install other malware.
JS:miner-C is a type of cryptocurrency mining Trojan, that's where the ‘miner’ in its name comes from. The ‘JS’ means ‘JavaScript’, which is the method the malware uses to attack the host computer, and the ‘c’ describes one variant of JS:miner.
What else does this malware do?
According to reports, JS:miner-C may also do any or all of the following:
- Take screenshots
- Log keystrokes
- Attempt to gain access to any Bitcoin wallet stored on your Mac
- Steal data including user login credentials and passwords
- Install other malware.
How will I know if I have downloaded it?
There are a number of possible clues that you’ve been hijacked by a crypto jacker. These include:
- Your computer is running slow
- Your computer’s hanging or freezing
- It’s running out of memory when trying to complete tasks
- It’s behaving erratically
If JS:miner-C has also installed other malware, you may also notice adverts being displayed on your desktop or web browser. The adverts appear because, like other malware, JS:miner-C may install malicious extensions in your web browser that act as adware. Don’t worry, we’ll show you how to get rid of those extensions later in this article.
You can check whether there is malware slowing down your Mac using Activity Monitor, which displays the name of processes running on your Mac, along with the CPU, memory. And network bandwidth they’re using.
The fastest way to remove JS:miner-C from your Mac is to use an app notarized by Apple, like CleanMyMac X. I scan my Mac with CleanMyMac X regularly to remove malware. CleanMyMac X doesn’t let you delete anything important on your Mac, like system files and other items. It monitors your Mac in the background mode and notifies you when the threat is detected.
How to remove JS:miner-C from your Mac
Here’s the fast way to remove JS:miner-C using CleanMyMac X:
- Download, install and launch CleanMyMac X.
- Choose Malware Removal in the sidebar.
- Hit Scan and wait till CleanMyMac X checks your Mac for JS:miner-C.
- If anything found, press Remove.
That’s it, the malware detected on your Mac will all be removed!
Quit malicious processes in Activity Monitor
- Go to Applications>Utilities on your Mac and launch Activity Monitor.
- Click on the CPU column heading to the list process by the order in which they are consuming CPU cycles.
- Starting at the top look for any suspicious processes.
- If you find any, Google their name. If they turn out to be malware, select them and press the ‘Quit Process’.
Get rid of suspicious applications
- Review your Applications folder.
- If you find anything that looks suspicious, drag it to the Trash.
Remove Launch Agents and Daemons
Malware apps can launch automatically when you restart your Mac, so they often install launch agents or daemons to allow them to do that. Here’s how to remove them:
- In the Finder, click on the Go menu.
- Paste the following into the box:
~/Library/LaunchAgents - Look for any files that have names similar to 'JS:miner'
- Drag them to the Trash.
- Return to the Go menu and paste:
/Library/LaunchDaemons - Repeat steps 3 and 4.
Delete suspicious browser extensions
Here’s how to delete suspicious extensions in any browser you may use:
Safari
- Click on the Safari menu and select Preferences.
- Go to the Extensions tab and locate any extensions that look suspicious.
- Click on the extension and press uninstall.
Google Chrome
- Paste or type this text in the address bar:
chrome://extensions - Look for any extensions you don’t recognize.
- If you find a suspicious extension, press Remove next to it.
Mozilla Firefox
- Click on the three lines at the right of the address bar.
- Select “Add-ons and themes” and choose Extensions.
- Search for any extensions that seem suspicious or that you don’t remember installing.
- Click the three-dot button and choose “Remove”.
The JS:miner-С Trojan is one variant of a type of malware that uses JavaScript to install a cryptocurrency miner on your Mac. That cryptocurrency miner then hijacks your Mac’s CPU, memory and network resources to mine for cryptocurrency and send the proceeds to the hacker, while your Mac will run more slowly and more erratically. Fortunately, it’s not very difficult to get rid of, though it can be a laborious process. However, if you use CleanMyMac X to get rid of launch agents and rogue browser extensions, it will be much quicker and safer.
