New macOS Malware OSX/MaMi Steals User Data, Takes Screenshots, and More


Apple fans have long sung the praises of iOS and macOS as being immune to exploits and viruses. That belief began to fade in 2017, a year that saw several ransomware families attacking macOS, and now security researcher and ex-NSA hacker Patrick Wardle has discovered a new, largely undetected piece of malware that has been targeting Mac computers.

As per The Hacker News, the malware changes the DNS server settings on the host computer and intercepts private user data by re-routing its traffic through attacker-controlled servers. Dubbed “OSX/MaMi”, the malware is a 64-bit executable and is reminiscent of the DNSChanger malware that infected nearly four million computers in 2012.

Image: New macOS Malware Uses DNS Hijacking to Route Internet Traffic, Take Screenshots, and More. Courtesy: Patrick Wardle

The malware caught Wardle’s attention when he came across a report about DNS hijacking on an online malware information platform. On further investigation, he found that OSX/MaMi is not a particularly advanced piece of malware, but it harms infected Mac systems in “nasty and persistent ways”.

Once the malware has installed its new root certificate and taken over the DNS servers, an attacker can eavesdrop on every user action that touches the internet.

The attacker, now a “man-in-the-middle”, Wardle notes, can then inject ads, steal passwords, or even insert malicious scripts for cryptocurrency mining.

Critical details, including the source of this malware and how it propagates, are still unknown. Wardle, however, hypothesizes that it could be spread via spam email messages that mimic security alerts. Apart from manipulating the internet usage of impacted users, OSX/MaMi is capable of simulating mouse clicks and movements, taking screenshots, executing commands via Terminal, overriding system settings to persist as a launch application, and downloading and uploading other malicious files.

Many antivirus products don’t detect OSX/MaMi yet. If you are concerned about your Mac’s security, you can head over to System Preferences > Network, click Advanced, and open the DNS tab: watch out for the servers 82.163.143.135 and 82.163.142.137. Meanwhile, Wardle is also building a free open-source firewall that will protect Mac systems from being infected by OSX/MaMi.
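The manual check above can be scripted. The following is an added example, not code from the article or from Patrick Wardle: it flags the two DNS server addresses quoted in the article in a list of configured resolvers, and on a Mac it collects that list for every network service with the real `networksetup` utility and dumps the admin-domain certificate trust settings with `security dump-trust-settings -d` for manual review (the article gives no identifier for the malware’s root certificate, so that part is left to the reader). The function and variable names are the example’s own, and the sample input in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not from the article or Patrick Wardle): flag the DNS resolver
# addresses the article associates with OSX/MaMi. Function and variable names
# are this example's own.

# The two DNS servers named in the article.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Usage: printf 'one server per line\n' | flag_mami_dns
# Prints each matching address; returns 0 if any match, 1 otherwise.
flag_mami_dns() {
    found=1
    while IFS= read -r server; do
        for ioc in $MAMI_DNS; do
            if [ "$server" = "$ioc" ]; then
                echo "suspicious DNS server: $server"
                found=0
            fi
        done
    done
    return $found
}

# macOS only: gather the DNS servers of every network service (disabled
# services are listed with a leading '*', which is stripped) and run them
# through flag_mami_dns. The first line of -listallnetworkservices is a
# legend, not a service, so it is skipped.
check_all_services() {
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        networksetup -getdnsservers "$svc" | grep -E '^[0-9]+(\.[0-9]+){3}$'
    done | flag_mami_dns
}

# macOS only: print the admin-domain trust settings so that any recently
# added root certificate can be reviewed by hand.
dump_admin_trust_settings() {
    security dump-trust-settings -d
}

# Run the host checks only where the macOS tools exist, so the pure
# flag_mami_dns function can still be exercised on other systems.
if command -v networksetup >/dev/null 2>&1; then
    if check_all_services; then
        echo "WARNING: DNS settings match the OSX/MaMi resolvers"
    else
        echo "No OSX/MaMi DNS resolvers configured"
    fi
    dump_admin_trust_settings
fi
```

Constructed input such as `printf '8.8.8.8\n82.163.143.135\n' | flag_mami_dns` prints the second address and exits 0; a list containing only `8.8.8.8` prints nothing and exits 1. A match is only a starting point: clearing the DNS entries without removing the persistence mechanism and the installed root certificate leaves the machine compromised.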
