The general perception about Apple devices is that they are protected from malware and other attacks. But as hackers grow smarter and more sophisticated in their attacks, things are changing for the worse. Now, a Malwarebytes forum user has discovered dangerous malware targeting macOS, and an independent security researcher has conducted an in-depth analysis of it.

How does it work?

Dubbed OSX/MaMi, the malware is capable of installing a new root certificate and hijacking the DNS servers, then manipulating Internet traffic and redirecting it to a malicious server controlled by attackers to steal sensitive data from the device, including login credentials and passwords.

According to Patrick Wardle, a security researcher who analyzed the malware, OSX/MaMi is an unsigned Mach-O 64-bit executable that evades anti-virus detection and can keep an eye on the victim’s activity by taking screenshots, execute different commands, generate simulated mouse events, download and upload files, etc.

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads),” Wardle concluded.

New macOS malware hijacks DNS settings and takes screenshots

How does OSX/MaMi infect macOS?

Currently, it is unclear how OSX/MaMi targets and infects macOS; however, Wardle believes attackers are using lame methods “such as malicious , web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.”

How to check if your DNS is infected?

You can manually check if your device is infected with OSX/MaMi by going into DNS . If the DNS is set to and your device is infected. Moreover, since none of the 59 anti-virus programs on VirusTotal can detect the malware, Wardle has created a free, open-source firewall called ‘LuLu’ that detects OSX/MaMi’s network traffic.
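The manual DNS check can also be scripted. The following is an added example, not taken from the article or from Wardle's analysis: it parses `scutil --dns` output and reports any resolver that is not on a list you expect. `EXPECTED_DNS`, the function names and the sample output (including the placeholder address 203.0.113.53) are assumptions made for illustration.

```shell
# Added example. Assumption: the resolvers you expect on this Mac
# (router, ISP or corporate DNS); edit the list for your network.
EXPECTED_DNS="192.168.1.1 2001:db8::1"

# Constructed sample of `scutil --dns` output; 203.0.113.53 is a
# documentation-range placeholder, not an address from the article.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 6 (en0)

resolver #2
  domain   : corp.example
  nameserver[0] : 2001:db8::1
EOF
}

# Print each unique nameserver found in `scutil --dns` output on stdin.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Print nameservers from stdin that are not in EXPECTED_DNS.
# Returns 1 if at least one unexpected resolver was found, else 0.
unexpected_nameservers() {
    found=0
    for ns in $(list_nameservers); do
        case " $EXPECTED_DNS " in
            *" $ns "*) ;;                 # on the expected list
            *) echo "$ns"; found=1 ;;     # not expected: report it
        esac
    done
    return "$found"
}

# Use live settings on a Mac; otherwise fall back to the constructed sample.
src="sample_scutil_output"
command -v scutil >/dev/null 2>&1 && src="scutil --dns"
if bad=$($src | unexpected_nameservers); then
    echo "All configured DNS servers are on the expected list."
else
    echo "Unexpected DNS server(s): $bad"
fi
```

An unexpected resolver is a prompt to investigate rather than proof of infection, since VPN clients and captive networks also change DNS settings.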


Mac users are urged to keep their operating system up to date, avoid downloading unnecessary apps and software, and not click on links and attachments from unknown emails. Also, use updated security software and stay safe online.

Top, featured image via DepositPhotos/Rawpixel
