TidBITS: Mysterious DNS Hijacking Malware Targets Mac Users


By Josh Centers
http://tidbits.com/article/17746

A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, include taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, the author, and how OSX/MaMi spreads are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137.

Article copyright © 2018 By Josh Centers. Reuse governed by Creative Commons License.
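The DNS check described in the article can also be scripted. The following is an added example, not part of the TidBITS article: it assumes the resolver configuration is read with macOS's `scutil --dns`, and the function names are hypothetical. Addresses are compared as whole tokens so that a lookalike such as 182.163.143.135 does not trigger a false match.

```shell
#!/bin/sh
# DNS servers the article lists as indicators of OSX/MaMi.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Read resolver configuration text on stdin (scutil --dns format, or any
# whitespace-separated text) and print each indicator address found.
# Tokens are compared whole, so 182.163.143.135 does not match.
# Exit status: 0 if at least one indicator is present, 1 if none.
find_mami_dns() {
    awk -v bad="$MAMI_DNS" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) ioc[b[i]] = 1 }
        {
            for (f = 1; f <= NF; f++)
                if (($f in ioc) && !($f in seen)) { seen[$f] = 1; print $f; hit = 1 }
        }
        END { exit(hit ? 0 : 1) }
    '
}

# Constructed sample of `scutil --dns` output, for trying the parser off-Mac.
sample_scutil_output() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 5 (en0)
resolver #2
  nameserver[0] : 182.163.143.135
EOF
}

# Check the live resolver configuration on macOS; elsewhere, fall back to
# the constructed sample so the parser can still be exercised.
check_dns() {
    if [ "$(uname -s)" = "Darwin" ]; then src="scutil --dns"; else src="sample_scutil_output"; fi
    if hits=$($src | find_mami_dns); then
        echo "OSX/MaMi DNS servers configured (source: $src):"
        echo "$hits"
        return 1
    fi
    echo "No OSX/MaMi DNS servers found (source: $src)."
}
```

Source the file and run `check_dns`; a non-zero exit status means one of the two addresses is present in the resolver configuration.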



