The general perception about Apple devices is that they are protected from and other hacking attacks. But since hackers are getting smarter and more sophisticated in their attacks things are changing for bad. Now, a Malwarebytes forum user has discovered a dangerous targeting macOS – Its in-depth analysis has been conducted by an independent security researcher.

How does it work?

Dubbed OSX/MaMi, the malware is capable of installing a new root certificate and hijacking the DNS servers then manipulating traffic and redirecting it to a malicious server controlled by attackers and steal sensitive data from the device including, login credentials and passwords.

According to Patrick Wardle, a security researcher who analyzed the malware, OSX/MaMi is an unsigned Mach-O 64-bit executable which evades anti-virus detection, keep an eye on victim’s activity by taking screenshots, execute different commands, generate simulated mouse events, download and upload files, etc.

OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads),” Wardle concluded.

New macOS malware hijacks DNS settings and takes screenshots

How OSX/MaMi infects ?

Currently, it is unclear how OSX/MaMi targets and infects macOS, however, Wardle believes attackers are using lame methods “such as malicious email, web-based fake security alerts/popups, or -engineering type attacks to target Mac users “

How to check if your DNS is infected?

You can manually check if your device is infected with OSX/MaMi by going into DNS settings. If the DNS is set to 82.163.143.135 and 82.163.142.137 your device is infected. Moreover, since none of the 59 anti-virus software on VirusTotal can detect the malware Wardle has created a free open source firewall calledLuLu‘ that detects OSX/MaMi’s network traffic.

New macOS malware hijacks DNS settings and takes screenshots

Mac users are urged to keep their operating system up to date, avoid downloading unnecessary apps and software, do not click on links and attachments from unknown emails. Also, use an updated security software and stay safe .

Top, featured image via DepositPhotos/Rawpixel



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here