What is JS:miner-C and how can I remove it from my Mac?
JS:miner-C has been identified by a number of malware experts as a cryptocurrency mining Trojan. It affects both Macs and PCs and is usually downloaded via a malicious website that is masquerading as a legitimate service. Once on your Mac, it hijacks resources and may install other malware.
What is a cryptocurrency mining Trojan?
Cryptocurrency is virtual money that is stored digitally. It’s ‘earned’ through a process known as mining, where computers solve cryptographic puzzles to add currency to a wallet. However, as cryptocurrencies have matured, the puzzles have become more difficult to solve, and so need more computing power to solve them. This has led hackers to create cryptocurrency mining Trojans, or crypto jackers as they are also known.
This malware once downloaded and installed, hijacks the CPU and memory resources of the host computer to use them to mine for cryptocurrency. The proceeds are sent to the hacker’s wallet. In effect, your Mac becomes part of a botnet, working for the hacker to solve cryptographic puzzles and generate currency. Cryptojackers may also steal data and install other malware.
What else does this malware do?
According to reports, JS:miner-C may also do any or all of the following:
- Take screenshots (if you are running macOS Catalina, it will tell you if any app does this)
- Log keystrokes (again, macOS Catalina will warn you)
- Attempt to gain access to any Bitcoin wallet stored on your Mac
- Steal data including user login credentials and passwords
- Install other malware.
How will I know if I have downloaded it?
There are a number of possible clues that you’ve been hijacked by a crypto jacker. These include:
- Your computer is running slow
- Your computer’s hanging or freezing
- It’s running out of memory when trying to complete tasks
- It’s behaving erratically
If JS:miner-C has also installed other malware, you may also notice adverts being displayed on your desktop or web browser. The adverts appear because, like other malware, JS:miner-C may install malicious extensions in your web browser that act as adware. Don’t worry, we’ll show you how to get rid of those extensions later in this article.
You can check whether there is malware slowing down your Mac using Activity Monitor, which displays the name of processes running on your Mac, along with the CPU, memory. And network bandwidth they’re using.
The fastest way to remove JS:miner-C from your Mac is to use an app notarized by Apple, like CleanMyMac X. I scan my Mac with CleanMyMac X regularly to remove malware. CleanMyMac X doesn’t let you delete anything important on your Mac, like system files and other items. It monitors your Mac in the background mode and notifies you when the threat is detected.
How to remove JS:miner-C from your Mac
Here’s the fast way to remove JS:miner-C using CleanMyMac X:
- Download, install and launch CleanMyMac X.
- Choose Malware Removal in the sidebar.
- Hit Scan and wait till CleanMyMac X checks your Mac for JS:miner-C.
- If anything found, press Remove.
That’s it, the malware detected on your Mac will all be removed!
Quit malicious processes in Activity Monitor
- Go to Applications>Utilities on your Mac and launch Activity Monitor.
- Click on the CPU column heading to the list process by the order in which they are consuming CPU cycles.
- Starting at the top look for any suspicious processes.
- If you find any, Google their name. If they turn out to be malware, select them and press the ‘Quit Process’.
Get rid of suspicious applications
- Review your Applications folder.
- If you find anything that looks suspicious, drag it to the Trash.
Remove Launch Agents and Daemons
Malware apps can launch automatically when you restart your Mac, so they often install launch agents or daemons to allow them to do that. Here’s how to remove them:
- In the Finder, click on the Go menu.
- Paste the following into the box: ~/Library/LaunchAgents
- Look for any files that have names similar to 'JS:miner'
- Drag them to the Trash.
- Return to the Go menu and paste: /Library/LaunchDaemons.
- Repeat steps 3 and 4.
Delete suspicious browser extensions
Here’s how to delete suspicious extensions in any browser you may use:
- Click on the Safari menu and select Preferences.
- Go to the Extensions tab and locate any extensions that look suspicious.
- Click on the extension and press uninstall.
- Paste or type this text in the address bar: “chrome://extensions”.
- Look for any extensions you don’t recognize.
- If you find a suspicious extension, press Remove next to it.
- Click on the three lines at the right of the address bar.
- Select “Add-ons” followed by “Extensions”.
- Search for any extensions that seem suspicious or that you don’t remember installing.
- Select one and choose “Remove”.