A researcher has discovered a strain of malware in the wild that targets macOS users, reports ZDNet. The malware, dubbed MaMi, was first spotted by security researcher Patrick Wardle.
The researcher spotted a forum post on Malwarebytes in which a user said a colleague "accidentally installed something" and this led to DNS hijacking. Despite the user removing the DNS entries, the address changes, 220.127.116.11 and 18.104.22.168, remained persistent.
In a blog post, Wardle said that while infection methods remain a mystery, the malware is hosted on a number of domains. The researcher found it to be a "trivial" affair to decrypt the malware's configuration data and discovered MaMi also installs a certificate through the Keychain Access app, which would allow for Man-in-The-Middle attacks (MiTM).