New malware targets macOS DNS settings

A researcher has discovered a strain of malware in the wild that targets macOS users, reports ZDNet. The malware, dubbed MaMi, was first spotted by security researcher Patrick Wardle.

Sick Mac.jpeg

The researcher spotted a forum post on Malwarebytes in which a user said a colleague "accidentally installed something" and this led to DNS hijacking. Despite the user removing the DNS entries, the address changes, 82.163.143.172 and 82.163.142.174, remained persistent.

In a blog post, Wardle said that while infection methods remain a mystery, the malware is hosted on a number of domains. The researcher found it to be a "trivial" affair to decrypt the malware's configuration data and discovered MaMi also installs a certificate through the Keychain Access app, which would allow for Man-in-The-Middle attacks (MiTM).