Symptoms of having OSAMiner installed on macOS are system freezes, problems with opening Activity Monitor (Activity Monitor.app), and higher CPU usage. The script is designed to kill running processes belonging to certain popular system monitoring and cleaning tools.
The OSAMiner setup script uses a tool that prevents the infected computer from entering sleep mode. Research shows that OSAMiner embeds one run-only AppleScript inside another and uses the addresses on public websites to download an open-source Monero miner called XMR-STAK-RX – Free Monero RandomX Miner.
OSAMiner was first detected in 2015 and is still successfully used by cyber criminals due to its complex structure (use of run-only AppleScript files), which prevents researchers from fully studying it and preventing the attacks. OSAMiner is a cryptocurrency miner, a Monero mining Trojan that uses run-only AppleScripts targeting Mac computers.
