The first nasty bit of undetectable malware of 2018 has been unearthed after it was found targeting Macs this week.
Security researchers revealed info about the new OSX/MaMi malware which is a lot like the popular DNSChanger malware from 2012 that infected millions of machines.
In a blog post detailing the new malware, ex-NSA hacker Patrick Wardle says the OSX/MaMi malware could be used by attackers to steal personal information from victims. Current anti-virus software won’t detect an infection for now.
“OSX/MaMi isn’t particular advanced – but does alter infected systems in rather nasty and persistent ways,” writes Wardle. “By installing a new root certifcate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).”
It’s still unknown who is behind OSX/MaMi or how it is spreading. The distribution methods are likely your run of the mill phishing and email attachment attacks though.
To see if you’ve been infected, go to the System Preferences app to check your DNS settings and see if they’ve been changed to 22.214.171.124 and 126.96.36.199.