Jump to content

New Mac malware hijacks DNS and compromises internet traffic

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted

Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.

Security researcher Patrick Wardle has looked extensively into MaMi (as spotted by 9 to 5 Mac) and observes that while it isn’t particularly sophisticated, it does more than simple DNS hijacking.

It’s also capable of pulling off tricks like taking screenshots, downloading and uploading files, executing commands, and it installs a new root certificate to facilitate potential man-in-the-middle attacks. It’s pretty bad news all round, really.

Social engineering

How do you get infected? Wardle isn’t certain on this point, but observes that fake emails or social engineering attacks are likely to be involved (both are pretty prevalent vectors these days). The post on Malwarebytes’ forum which pointed out the malware to Wardle showed the infection came from installation of a dodgy program (‘mycoupon’).

Unfortunately, not all antivirus software is currently capable of detecting the malware, although some have been primed to spot it. Hopefully, it shouldn’t be long before all antivirus apps have MaMi on their radar.

To manually check if you’ve been infected, simply look in System Preferences, under the Network pane, click Advanced, and go to the DNS menu. If your DNS settings are set to 82.163.143.135 and 82.163.142.137, then the malware is at large on your system. Wardle provides further advice in this blog post.

Other Mac malware nastiness we’ve witnessed already this year include a zero-day bug in macOS, and another password login flaw which cropped up last week.

If you’re becoming concerned about the amount of viruses and exploits now targeting Apple’s computers, we’ve got a full guide on how to protect your Mac against malware.

  • A couple of Apple’s MacBooks make our list of best laptops
GoTIE8w8IPc
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept