Speakup Trojan (Mac)
Written by Tomas Meskauskas on (updated)
What is "Speakup"?
Speakup is a high-risk trojan designed to target Linux and MacOS operating systems. This malware is used to proliferate cryptomining applications and misuse infected systems to mine cryptocurrencies without the device owner's consent. Although Speakup typically targets Linux servers, in some cases, it also infects other systems.
The presence of Speakup significantly diminishes computer performance and poses a threat to the hardware.
This malware infiltrates systems by exploiting various OS vulnerabilities. After successful infiltration, Speakup injects the system with XMRing-based apps that are designed to mine Monero cryptocurrency. Cryptomining gained popularity during the rise of the Bitcoin currency in the last quarter of 2017.
The price increased dramatically and, thus, many people started mining various cryptocurrencies. To successfully mine, however, high-end hardware is paramount (the more powerful system you have, the more revenue you generate). Therefore, the mining process can become costly.
To avoid the cost and risk to hardware, cyber criminals started developing viruses such as Speakup, which employ servers and regular computers to mine cryptocurrency. This happens without users' consent and all revenue goes to the cyber criminals.
Be aware that cryptomining can take up to 100% of system resources, and so the computer can become unstable (or crash) and virtually unusable (it barely responds). In addition, fully-loaded hardware generates excessive heat.
Therefore, within certain circumstances (bad cooling systems, high room temperatures, etc.), the components can overheat (hardware might be permanently damaged). Therefore, the presence of a cryptomining virus can lead to significant financial and data loss. Injecting the system with cryptominers is not the only feature of Speakup.
This malware is capable of infiltrating other devices connected to the same local network. Therefore, this virus can infect the entire local network, thus allowing cyber criminals to generate more revenue, since a single device (especially a home computer) is not very beneficial.
Hundreds of devices, on the other hand, allow cyber criminals to generate many thousands of dollars. Furthermore, Speakup checks running processes to detect any removal processes. If one is identified, Speakup attempts to terminate it by rebooting the system.
If you have noticed a significant reduction in system performance and you suspect Speakup's presence, immediately scan the system with a reputable anti-virus/anti-spyware suite and eliminate all detected threats. If that does not help, restoring the system from a backup is also an option.
| Name | Speakup malware |
| Threat Type | Mac malware, Mac virus |
| Symptoms | Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
There are many malicious applications that misuse computers to mine cryptocurrency. The list of examples includes (but is not limited to) JS:CryptoNight, NRSMiner, CookieMiner, and JSMiner-C.
Operating systems targeted by these viruses may differ (some target Windows, others MacOS and/or Linux), however, their presence ultimately leads to the same issues: diminished system performance, potential threat of overheating hardware, and system instability. For these reasons, you should elimination these apps immediately.
How did Speakup install on my computer?
As mentioned above, cyber criminals proliferate this malware by exploiting operating system security vulnerabilities. Clearly, however, the malicious file must first infiltrate the system. To achieve this, cyber criminals typically use various methods, including spam email campaigns, unofficial software download sources, fake software updaters, software cracks, and trojans.
Spam campaigns are used to send malicious attachments (e.g., Microsoft Office documents, PDFs, JavaScript files, executables, etc.). Criminals send deceptive emails with messages encouraging users to open attached links/files. In doing so, users manually trigger the infection.
Third party software download sources present malicious executables as legitimate software, thereby tricking users into downloading and installing viruses. Fake software updaters infect computers by exploiting outdated software bugs/flaws or simply downloading and installing malware rather than updates.
Software cracks are used to bypass paid software activation, however, cyber criminals often use them to proliferate malware. Therefore, rather than activating paid software free of charge, users end up infecting their computers. Finally, trojans are malicious applications that, once infiltrated, continually inject viruses into the system.
Bear in mind that Speakup proliferates itself via a local network and, thus, there is a high probability that it has infiltrated your computer from another device connected to the same network.
How to avoid computer infections?
To prevent this situation, be very cautious when browsing the internet and downloading, updating, and installing software. We strongly recommend that you carefully analyze each email received. If the file/link is irrelevant or the sender seems unrecognizable/suspicious, the attachments should not be opened.
Furthermore, download apps from official sources only, preferably using direct download links. Furthermore, keep installed applications and operating systems up-to-date. To achieve this, however, use implemented functions or tools provided by the official developer.
Never use software 'cracks', since using pirated software is considered a cyber crime (you are stealing from the developers) and cracks are often used to proliferate malware.
There is a high risk of a computer infection. Having a reputable anti-virus/anti-spyware suite installed and running is also extremely important - these tools can detect and eliminate malware before any harm is done. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "Speakup"?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Outstanding!
▼ Show Discussion