Jump to content

New Mac malware hijacks DNS and compromises internet traffic


Recommended Posts

Posted

Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.

Security researcher Patrick Wardle has looked extensively into MaMi (as spotted by 9 to 5 Mac) and observes that while it isn’t particularly sophisticated, it does more than simple DNS hijacking.

It’s also capable of pulling off tricks like taking screenshots, downloading and uploading files, executing commands, and it installs a new root certificate to facilitate potential man-in-the-middle attacks. It’s pretty bad news all round, really.

Social engineering

How do you get infected? Wardle isn’t certain on this point, but observes that fake emails or social engineering attacks are likely to be involved (both are pretty prevalent vectors these days). The post on Malwarebytes’ forum which pointed out the malware to Wardle showed the infection came from installation of a dodgy program (‘mycoupon’).

Unfortunately, not all antivirus software is currently capable of detecting the malware, although some have been primed to spot it. Hopefully, it shouldn’t be long before all antivirus apps have MaMi on their radar.

To manually check if you’ve been infected, simply look in System Preferences, under the Network pane, click Advanced, and go to the DNS menu. If your DNS settings are set to 82.163.143.135 and 82.163.142.137, then the malware is at large on your system. Wardle provides further advice in this blog post.

Other Mac malware nastiness we’ve witnessed already this year include a zero-day bug in macOS, and another password login flaw which cropped up last week.

If you’re becoming concerned about the amount of viruses and exploits now targeting Apple’s computers, we’ve got a full guide on how to protect your Mac against malware.

  • A couple of Apple’s MacBooks make our list of best laptops
GoTIE8w8IPc

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.