Skip to main content

Mac Computers Battling New Malware For Hijacking DNS

By February 1, 2018June 9th, 2022Cybersecurity

It’s official, the first macOS malware of 2018 is here.  Discovered by an independent security researcher and dubbed “OSX/MaMi,” the code is functionally similar to DNSChanger malware.

The researcher posted his findings on the Malwarebytes forum and none other than Patrick Wardle (an ex-NSA hacker) analyzed it, having this to say:

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways.  By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads) or to insert cryptocurrency mining scripts into web pages.”

In addition to that, hooks were found in the software that would eventually allow it to:

  • Upload and download files
  • Execute commands
  • Generate simulated mouse events
  • Take screenshots

And more, although at present, these features are not yet active, which points to the malware as being a piece of code still very much in development.

At present, there are no anti-malware or antivirus programs capable of detecting this new strain.  That, of course, will change in short order. However, for the time being, the best way to verify whether or not your machine is infected is to go through “System Preferences” and into the terminal app to check your DNS settings.

Two values you don’t want to see there are: 82.163.143.135 or 82.163.142.137.

If you’d rather not check manually, Patrick Wardle has created a free, open-source firewall for macOS called “Lulu,” which you can download from GitHub.  This program was designed to block suspicious traffic and will prevent OSX/MaMi from stealing anything from your system.

As threats go, this one is relatively minor, but it’s still early in the year, and whomever is behind this piece of code will no doubt be making improvements on it.  Stay tuned.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.