A new piece of undetectable malware targeting Apple’s Mac computers, called OSX/MaMi, has emerged. Researchers say it is somewhat similar to the DNSChanger malware that infected millions of computers across the world in 2012. This kind of malware typically changes the DNS server settings on an infected computer, which allows attackers to route traffic through malicious servers and intercept sensitive data.
“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” says ex-NSA hacker Patrick Wardle.
“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)” or to insert cryptocurrency mining scripts into web pages.
Researchers also say that, beyond this, OSX/MaMi appears to be only in its initial stage. Future abilities may include the following:
- Take screenshots
- Generate simulated mouse events
- Perhaps persist as a launch item
- Download and upload files
- Execute commands
To check whether your Mac is infected with MaMi, go to the terminal via the System Preferences app and check your DNS settings; in particular, look for 188.8.131.52 and 184.108.40.206.
Image courtesy of The Hacker News
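The DNS check described above can be scripted. The following is an added example, not code from the researchers or from this article: only the two addresses come from the page, and the use of the macOS tools `networksetup` and `scutil` and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the article): look for the two DNS server addresses
# the article names. Only the addresses come from the page.
MAMI_DNS='188.8.131.52
184.108.40.206'

# Read any text on stdin, split it into whitespace-separated tokens and print
# the tokens that are exactly one of the listed addresses.
# -F: dots are literal, -x: whole token must match. Exit 0 on a hit, 1 if none.
match_mami_dns() {
    tr -s ' \t' '\n' | grep -Fx -- "$MAMI_DNS"
}

# Gather the DNS servers set on every network service, plus the resolvers
# macOS is currently using (scutil also shows DHCP-supplied servers).
scan_macos() {
    {
        networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
        while IFS= read -r svc; do
            networksetup -getdnsservers "$svc" </dev/null
        done
        scutil --dns
    } 2>/dev/null | match_mami_dns | sort -u
}

report() {
    hits=$(scan_macos)
    if [ -n "$hits" ]; then
        printf 'Listed DNS server(s) found:\n%s\n' "$hits"
        return 1
    fi
    echo 'Neither listed address is configured as a DNS server.'
}

# Run the scan only where the macOS tools exist.
if command -v networksetup >/dev/null 2>&1 && command -v scutil >/dev/null 2>&1; then
    report
fi
```

A hit means the DNS setting on that Mac needs to be reset, and the certificate store should be reviewed as well, since the malware is described as installing a new root certificate.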
If you’d like any further information on OSX/MaMi, or how best to protect your network and devices, please don’t hesitate to reach out to us here.
Stay safe everyone!