OSX/MaMi Malware Hijacks DNS, Takes Screenshots, More


There’s a new DNS hijacking malware for the Mac dubbed OSX/MaMi in the wild, and virus and malware checkers aren’t yet detecting it. OSX/MaMi lets attackers route your Internet traffic through their own servers and collect personal data, plus it can upload and download files, take screenshots, and more.

DNS hijacking malware OSX/MaMi hits the Mac

Security researcher and former NSA hacker Patrick Wardle analyzed the malware and called it a DNS Hijacker. He said,

“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)” or to insert cryptocurrency mining scripts into web pages.

He said it can also take screenshots, upload and download files, generate mouse events, and execute commands.

Researchers haven’t discovered how it spreads yet. It’s likely attackers are tricking victims into installing it with fake security warnings and malicious email messages.

It’s easy to tell if you’ve been hit with OSX/MaMi by checking the DNS entries on your Mac. You can do that by going to Apple menu > System Preferences, then doing this:

  • Select Network
  • Click Advanced
  • Choose the DNS tab
  • Look for 82.163.143.135 and 82.163.142.137

If you see either of those IP addresses, your Mac has been hit with OSX/MaMi. It’s unclear right now which files need to be removed from your Mac to remove the threat. Changing the DNS entries to something else, like Google’s 8.8.8.8, seems to fix the problem for now.
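The same DNS check can be run from Terminal. The script below is an added example, not part of the original article; it reads the output of macOS’s `scutil --dns`, and the function names and sample resolver listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for the two OSX/MaMi DNS servers named in the article.

# Read resolver configuration text on stdin (for example `scutil --dns`
# output) and print each indicator that appears as a whole address.
# Exit status is 0 when at least one indicator is present.
mami_dns_hits() {
    # Split on everything except digits and dots, so 182.163.143.135 or
    # 82.163.143.1355 cannot match as a substring.
    tr -cs '0-9.' '\n' | sort -u |
        grep -Fx -e '82.163.143.135' -e '82.163.142.137'
}

# Human-readable verdict; returns 1 when a MaMi DNS server is configured.
check_mami_dns() {
    if hits=$(mami_dns_hits); then
        echo "WARNING: OSX/MaMi DNS server(s) configured:"
        echo "$hits"
        return 1
    fi
    echo "OK: neither OSX/MaMi DNS server is configured"
}

# Constructed sample inputs in the layout `scutil --dns` prints.
sample_infected() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)
EOF
}

sample_clean() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 182.163.143.135
  if_index : 4 (en0)
EOF
}

# On a Mac, check the live resolver configuration.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | check_mami_dns || true
fi
```

`scutil --dns` reports the resolvers currently in effect, including any handed out by DHCP, so a hit there is worth comparing against the DNS tab described above.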

As always, you can minimize the risk of installing the malware by avoiding websites you don’t trust, not clicking on pop-ups or other alerts on webpages, and not clicking links in email messages from people you don’t know.

One Comment

  1. Lee Dronick

    not clicking on pop-ups or other alerts on webpages

    I wish that enabling No Popups in Safari Preferences actually stopped popups.
