Although I don't use them, I've seen this aggregation service mentioned a couple of times at the L&L forum. If you're in the habit of using MacUpdate or other aggregation service:
Did you download and install any Mac software from the MacUpdate site on the first or second of February? If so – and particularly if the app was Firefox 58.0.2, OnyX, or Deeper – you may well have installed a malicious cryptocurrency miner, which has been dubbed OSX.CreativeUpdate.......Although it is thought to be confined to Firefox 58.0.2, OnyX, and Deeper downloaded from MacUpdate on 1st and 2nd February 2018, on further investigation it may be that it affects other apps downloaded from MacUpdate, possibly even from other download aggregation services....
https://eclecticlight.co/2018/02/03/new ... date-site/
Included in the above blog post is a link to an analysis by Thomas Reed of Malwarebytes and a link to a followup post.
MacUpdate, whose response has been inadequate (that's being generous), has advised to uninstall the malware laden downloads and manually delete certain files:
Jess-MacUpdate EDITOR Feb 02, 2018
2francinou, you are absolutely right: the listing for OnyX *had* been compromised, just as had this listing for Firefox. Even my own system had been infected. I might not have realized it without your comment.
If you have installed-and-run Firefox 58.0.2, OnyX, or Deeper since 1 February 2018, please accept our apologies, but you will need to follow these steps to remove a bitcoin miner which hacked versions of those apps have installed. This not the fault of the respective developers, so please do not blame them. The fault is entirely mine for having been fooled by the hackers.
• Delete any copies of the above titles you might have installed.
• Download and install fresh copies of the titles.
• In Finder, open a window for your home directory (Cmd-Shift-H).
• If the Library folder is not displayed, hold down the Option/Alt key, click on the "Go" menu, and select "Library (Cmd-Shift-L)".
• Scroll down to find the "mdworker" folder (~/Library/mdworker/).
• Delete the entire folder.
• Scroll down to find the "LaunchAgents" folder (~/Library/LaunchAgents/).
• From that folder, delete "MacOS.plist" and "MacOSupdate.plist" (~/Library/LaunchAgents/MacOS.plist and ~/Library/LaunchAgents/MacOSupdate.plist).
• Empty the Trash.
• Restart your system.
Again, I apologize to you, our users, and to you, our developers for this violation. It's unfortunate that this type of hack has come to the Mac platform, but we are now more aware, and promise to be more diligent in protecting all of you in future.