
Stealthy OSX/MaMi malware discovered targeting Macs


macOS High Sierra
Your antivirus won't save you from OSX/MaMi.
Photo: Ste Smith/Cult of Mac

The first nasty bit of undetectable malware of 2018 has been unearthed after it was found targeting Macs this week.

Security researchers revealed details about the new OSX/MaMi malware, which is a lot like the popular DNSChanger malware from 2012 that infected millions of machines.

In a blog post detailing the new malware, ex-NSA hacker Patrick Wardle says the OSX/MaMi malware could be used by attackers to steal personal information from victims. Current anti-virus software won’t detect an infection for now.

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” writes Wardle. “By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).”

It’s still unknown who is behind OSX/MaMi or how it is spreading. The distribution methods are likely your run-of-the-mill phishing and email attachment attacks, though.

To see if you’ve been infected, open the System Preferences app, check your DNS settings and see if they’ve been changed to 82.163.143.135 and 82.163.142.137.
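The same check can be scripted from Terminal. The following is an added example, not code from the article or from Wardle's write-up: it searches the output of the macOS `scutil --dns` and `networksetup` commands for the two addresses above. The function names and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: look for the two DNS servers the
# article names in a Mac's resolver configuration.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Read resolver text on stdin and print each listed address found in it.
# Returns 0 when at least one is present, 1 otherwise.
mami_dns_hits() {
    input=$(cat)
    found=1
    for ip in $MAMI_DNS; do
        # -F: literal dots; -w: whole token, so 182.163.143.135 or
        # 82.163.143.13 are not reported.
        if printf '%s\n' "$input" | grep -qwF -- "$ip"; then
            printf '%s\n' "$ip"
            found=0
        fi
    done
    return "$found"
}

# macOS only: system-wide resolvers from scutil plus the per-service DNS
# setting shown under System Preferences > Network > Advanced > DNS.
collect_dns_config() {
    scutil --dns
    networksetup -listallnetworkservices | tail -n +2 | while IFS= read -r svc; do
        svc=${svc#\*}    # a leading asterisk marks a disabled service
        printf 'service: %s\n' "$svc"
        networksetup -getdnsservers "$svc"
    done
}

# Constructed sample in the style of `scutil --dns` output, used off macOS.
SAMPLE='resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137'

if command -v scutil >/dev/null 2>&1 && command -v networksetup >/dev/null 2>&1; then
    config=$(collect_dns_config)
else
    config=$SAMPLE
fi
if hits=$(printf '%s\n' "$config" | mami_dns_hits); then
    echo "WARNING: DNS servers named in the article are configured:" $hits
else
    echo "Neither DNS server named in the article is configured."
fi
```

This covers only the DNS change. The root certificate mentioned in the quote is not identified on this page, so the script does not look for it.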


4 responses to “Stealthy OSX/MaMi malware discovered targeting Macs”

  1. Emma says:

    I do not understand ….”go to system preferences app”….. please detail how to do that.

    • Dalucci says:

      go to system preferences (apple menu, system preferences), then go to “network” icon, select your active network device (like Wi-Fi or Ethernet), click “advanced” and then “DNS” tab

  2. fabrica64 says:

    But you need to run as administrator, so “infection” has to be authorized by the user, isn’t it? You can’t install a system certificate or change system preference without authorizing it

  3. Tom says:

    Why are anti-virus companies failing?
