New macOS malware hijacks DNS settings and takes screenshots

Haythem Elmir

The general perception about Apple devices is that they are protected from malware and other hacking attacks. But as attackers grow smarter and more sophisticated, that is changing for the worse. A Malwarebytes forum user has now discovered a dangerous piece of malware targeting macOS, and an independent security researcher has conducted an in-depth analysis of it.

How Does It Work?

Dubbed OSX/MaMi, the malware is capable of installing a new root certificate and hijacking the DNS servers. It can then manipulate Internet traffic, redirect it to a malicious server controlled by the attackers, and steal sensitive data from the device, including login credentials and passwords.

According to Patrick Wardle, a security researcher who analyzed the malware, OSX/MaMi is an unsigned Mach-O 64-bit executable that evades anti-virus detection and can keep an eye on the victim’s activity by taking screenshots, execute different commands, generate simulated mouse events, download and upload files, etc.

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads),” Wardle concluded.


How Does OSX/MaMi Infect macOS?

Currently, it is unclear how OSX/MaMi targets and infects macOS. However, Wardle believes the attackers are using lame methods “such as malicious email, web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.”

How To Check If Your DNS Is Infected?

You can manually check whether your device is infected with OSX/MaMi by looking at its DNS settings. If the DNS servers are set to 82.163.143.135 and 82.163.142.137, your device is infected. Moreover, since none of the 59 anti-virus products on VirusTotal can detect the malware, Wardle has created a free, open-source firewall called ‘LuLu’ that detects OSX/MaMi’s network traffic.
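The manual DNS check described above can be scripted. The following is an added example, not code from the original article or from Wardle's analysis; it assumes the macOS `scutil` and `networksetup` tools, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag the two DNS servers the article associates with OSX/MaMi.
MAMI_DNS="82.163.143.135 82.163.142.137"   # addresses quoted in the article

# Reads resolver configuration text on stdin and prints every listed address
# that appears in it as a complete IPv4 token (no substring matches).
find_mami_dns() {
    tr -c '0-9.\n' '\n' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u |
    while read -r ip; do
        for bad in $MAMI_DNS; do
            if [ "$ip" = "$bad" ]; then echo "$ip"; fi
        done
    done
}

# Gathers the effective resolver list plus per-service DNS settings (macOS only).
collect_dns_config() {
    scutil --dns 2>/dev/null
    networksetup -listallnetworkservices 2>/dev/null | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        networksetup -getdnsservers "$svc" 2>/dev/null
    done
}

# Constructed sample in the layout of `scutil --dns` output, for offline runs.
sample_hijacked_config() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)
  flags    : Request A records
EOF
}

# Run the live check only where the macOS tools exist.
if command -v scutil >/dev/null 2>&1; then
    hits=$(collect_dns_config | find_mami_dns)
    if [ -n "$hits" ]; then
        printf 'DNS servers named in the article are configured:\n%s\n' "$hits"
    else
        echo "Neither DNS server named in the article is configured."
    fi
fi
```

A match covers only the DNS change; the root certificate the article mentions has to be reviewed separately in the system keychain.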


Mac users are urged to keep their operating system up to date, avoid downloading unnecessary apps and software, and not click on links or attachments in emails from unknown senders. Also, use up-to-date security software and stay safe online.

To read the original article:

New macOS malware hijacks DNS settings and takes screenshots
