New OSX/MaMi Malware Has Been Targetting Macs For A While
Malware is something that we all need to be very aware of, even those of us using Apple’s Macs.
Unfortunately, the first undetectable malware of 2018 has now been identified, and it has already been found targeting Macs for a number of days.
Security researches have shared information on the new OSX/MaMi malware and it appears to be not too dissimilar to the DNSChanger malware that you may remember from all the way back in 2012. That particular issue ended up infecting millions of computers, so it would not be beyond the realms of possibility that a similar number of machines could be at risk from this current malware.
OSX/MaMi isn’t particular advanced – but does alter infected systems in rather nasty and persistent ways… By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).
In a new blog post covering the discovery of the new malware, ex-NSA hacker Patrick Wardle says the malware could potentially allow attackers to steal information from victims, particularly given the fact that current anti-virus solutions simply do not pick it up as of yet. That will change in due course, but for now, the only way to check whether you are infected is to manually check your own DNS settings via System Preferences > Network > Advanced > DNS. If they have been changed to 22.214.171.124 and 126.96.36.199, then you are, unfortunately, impacted.
More bad news, too, with there currently being no understanding of who is behind the new malware and of how it is spreading, although the old favorites of phishing sites and downloaded attachments do seem the most likely until we learn otherwise.