A security researcher has revealed details of a new piece of undetectable malware targeting Apple’s Mac computers, reportedly the first macOS malware of 2018.
Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to the DNSChanger malware that infected millions of computers across the planet in 2012.
DNSChanger malware typically changes the DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.
It first appeared on the Malwarebytes forum, where a user posted a query about unknown malware that had infected his friend’s computer and silently changed the DNS settings on the infected macOS to the addresses 188.8.131.52 and 184.108.40.206.
After looking at the post, ex-NSA hacker Patrick Wardle analysed the malware and found that it is indeed a ‘DNS Hijacker,’ which also invokes security tools to install a new root certificate in an attempt to intercept encrypted communications as well.
“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” Patrick said.
“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)” or to insert cryptocurrency mining scripts into web pages.
Besides this, the OSX/MaMi macOS malware, which appears to be in its initial stage, also includes the following abilities, most of which are not currently activated in its version 1.1.0:
- Take screenshots
- Generate simulated mouse events
- Perhaps persist as a launch item
- Download and upload files
- Execute commands
The motive, the author(s) behind the malware, and how it is spreading are currently unknown.
However, Patrick believes that the attackers could be using lame methods like malicious emails, web-based fake security alerts/popups, or social-engineering-type attacks to target Mac users.
To check if your Mac computer is infected with MaMi malware, go to the terminal via the System Preferences app and check your DNS settings, looking in particular for 220.127.116.11 and 18.104.22.168.
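A defender's check for the DNS indicators listed above, added here as an example and not part of the original article: it reads the resolver settings of every macOS network service with `networksetup` (assumed present only when run with `--live`), and keeps the comparison in a separate function so it can be exercised offline on captured output.

```shell
#!/bin/sh
# Added example (not from the original article): scan macOS DNS resolver
# settings for the OSX/MaMi indicator addresses the article lists.
# Assumes the macOS `networksetup` tool is available when run with --live;
# check_dns_lines itself only needs "<service>: <server>" lines on stdin.

# Indicator addresses as given in the article (both pairs it mentions).
MAMI_DNS="188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168"

# check_dns_lines: read "<service>: <server>" lines on stdin and print any
# line whose server is a MaMi indicator. Returns 0 if none found, 1 otherwise.
check_dns_lines() {
  found=0
  while IFS= read -r line; do
    server=${line##*: }
    for ioc in $MAMI_DNS; do
      if [ "$server" = "$ioc" ]; then
        printf 'SUSPECT %s\n' "$line"
        found=1
      fi
    done
  done
  return $found
}

# collect_dns: emit "<service>: <server>" for every configured network
# service (disabled services are listed with a leading '*', stripped here).
collect_dns() {
  networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
  while IFS= read -r svc; do
    networksetup -getdnsservers "$svc" | while IFS= read -r srv; do
      case "$srv" in
        *"aren't any DNS Servers"*) ;;   # service uses DHCP-supplied DNS
        *) printf '%s: %s\n' "$svc" "$srv" ;;
      esac
    done
  done
}

if [ "${1:-}" = "--live" ]; then
  if collect_dns | check_dns_lines; then
    echo "No MaMi DNS indicators found."
  else
    echo "MaMi DNS indicators present; also review admin trust settings:"
    echo "  security dump-trust-settings -d"
    exit 2
  fi
fi
```

Run it as `sh mami-check.sh --live` on the Mac under review; a non-zero exit means at least one service resolves through an indicator address.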
According to VirusTotal, a multi-engine antivirus scanner, none of 59 well-known antivirus products is detecting this malware at this moment, so you are advised to use a third-party tool such as a firewall that can detect and block outgoing traffic.
You can also install a free open-source firewall for macOS named ‘LuLu,’ created by Patrick and available on GitHub, which blocks suspicious traffic and prevents OSX/MaMi from stealing your data.