Stealthy OSX/MaMi malware discovered targeting Macs


macOS High Sierra
Your antivirus won't save you from OSX/MaMi.
Photo: Ste Smith/Cult of Mac

The first nasty bit of undetectable malware of 2018 has been unearthed after it was found targeting Macs this week.

Security researchers revealed info about the new OSX/MaMi malware which is a lot like the popular DNSChanger malware from 2012 that infected millions of machines.

In a blog post detailing the new malware, ex-NSA hacker Patrick Wardle says the OSX/MaMi malware could be used by attackers to steal personal information from victims. Current anti-virus software won’t detect an infection for now.

“OSX/MaMi isn’t particular advanced – but does alter infected systems in rather nasty and persistent ways,” writes Wardle. “By installing a new root certifcate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).”

It’s still unknown who is behind OSX/MaMi or how it is spreading. The distribution methods are likely your run of the mill phishing and email attachment attacks though.

To see if you’ve been infected, go to the System Preferences app to check your DNS settings and see if they’ve been changed to and


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.