How to delete the 'mshelper' malware from macOS
If your Mac is running hot and is consuming its battery at a higher rate than expected in recent days, you may be affected by 'mshelper.' AppleInsider explains how to check for the resource-consuming malware, and how to stop it from slowing down macOS.
New malware affecting macOS has started to circulate, with reports from Mac users on Apple's support forums and Reddit revealing systems are being affected by it. Affected Mac systems typically have their processor running at full tilt, which can prevent other software from working optimally due to resources being used on this unwanted program.
The high processor usage can also cause the Mac to run its fans constantly to try and cool everything down. For MacBook users, mshelper's interference also means the battery life will erode away faster than normal.
It is unknown what exactly mshelper is doing to utilize the processor at such a high rate, but speculation on the Apple support forum suggests it could be some form of adware, or possibly a program used for mining cryptocurrency on a victim's computer. Aside from using the processor, there also doesn't seem to be any other issues it causes on affected desktops, as is typical with ransomware.
As it isn't a virus, it is likely mshelper is distributed through an installation of another piece of software rather than spreading organically.
Checking for mshelper
Open Activity Monitor, which can be found in the Applications folder under Utilities. Alternately, you can search for "Activity Monitor" in Finder, under a "This Mac" search.
Once Activity Monitor is open, click CPU to bring up a list of processes currently using it, then click the Process Name tab to sort the list by alphabetical order. Scroll down the list until you reach where mshelper would appear alphabetically.
You can also click %CPU to sort the list by processor usage. As mshelper is a processor-intensive program, it should appear at the top of the list.
If it appears at all, then the next task is to eliminate it from macOS.
While it is possible to kill the process, this is futile due to it automatically restarting once closed. One way to stop this from happening is to delete just two files buried in the Mac's library.
In Finder, select your Mac's internal storage, then select Library followed by the LaunchDaemons folder. Select com.pplauncher.plist and delete it.
The other file is also found in the Library, under Application Support then pplauncher. Select and delete pplauncher.
At this point, you can kill the process.
Apple does operate its own anti-malware protection system in macOS, designed to protect against threats known to the company. While it isn't currently protecting against this issue, it is highly probable Apple will include changes in a future update to prevent it from working.