OSX/MaMi Malware Hijacks DNS, Takes Screenshots, More


There’s a new DNS hijacking malware for the Mac dubbed OSX/MaMi in the wild, and virus and malware checkers aren’t yet detecting it. OSX/MaMi lets attackers route your Internet traffic through their own servers and collect personal data, plus it can upload and download files, take screenshots, and more.

DNS hijacking malware OSX/MaMi hits the Mac

Security researcher and former NSA hacker Patrick Wardle analyzed the malware and called it a DNS Hijacker. He said,

“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)” or to insert cryptocurrency mining scripts into web pages.

He said it can also take screenshots, upload and download files, generate mouse events, and execute commands.

Researchers haven’t discovered how it spreads yet. It’s likely attackers are tricking victims into installing it with fake security warnings and malicious email messages.

It’s easy to tell if you’ve been hit with OSX/MaMi by checking the DNS entries on your Mac. Go to Apple menu > System Preferences, then do this:

  • Select Network
  • Click Advanced
  • Choose the DNS tab
  • Look for 82.163.143.135 and 82.163.142.137

If you see either of those IP addresses, your Mac has been hit with OSX/MaMi. It’s unclear right now which files need to be removed from your Mac to remove the threat. Changing the DNS entries to something else, like Google’s 8.8.8.8, seems to fix the problem for now.
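
The same DNS check can be run from Terminal. The script below is an added example, not part of the original article or Patrick Wardle's analysis; the function name `mami_dns_hits` and the sample input are constructed for illustration, and it relies on the standard macOS `networksetup` and `scutil` tools.

```shell
#!/bin/sh
# Added example: look for the two OSX/MaMi resolver addresses from the article.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Reads resolver listings on stdin (`networksetup -getdnsservers` or
# `scutil --dns` output) and prints every address that exactly equals one of
# the indicators. Exit status: 0 = at least one hit, 1 = none.
mami_dns_hits() {
    # Break the text into tokens of digits and dots, keep dotted quads only.
    tr -c '0-9.\n' '\n' |
    grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -u |
    while read -r ip; do
        for bad in $MAMI_DNS; do
            # Whole-string compare, so 182.163.143.135 is not a false hit.
            [ "$ip" = "$bad" ] && echo "$ip"
        done
    done | grep .
}

# Constructed sample in `scutil --dns` style, used when not running on a Mac.
SAMPLE='resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 8.8.8.8'

if command -v networksetup >/dev/null 2>&1; then
    # Manually configured servers, per network service (first line is a legend;
    # a leading * marks a disabled service).
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        if hits=$(networksetup -getdnsservers "$svc" </dev/null | mami_dns_hits); then
            echo "SUSPECT: service '$svc' points at OSX/MaMi DNS:" $hits
        fi
    done
    # Resolvers the system is actually using right now.
    if hits=$(scutil --dns | mami_dns_hits); then
        echo "SUSPECT: active resolver list contains:" $hits
    fi
else
    if hits=$(printf '%s\n' "$SAMPLE" | mami_dns_hits); then
        echo "sample input: found" $hits
    fi
fi
```

A clean result covers only the DNS setting; the malware also installs a new root certificate, which this script does not inspect.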

As always, you can minimize the risk of installing the malware by avoiding websites you don’t trust, not clicking on pop-ups or other alerts on webpages, and not clicking links in email messages from people you don’t know.
