- Joined
- Sep 17, 2014
- Messages
- 4,836
- Reaction score
- 241
I just saw this on the site tidbits.com:
"Mysterious DNS Hijacking Malware Targets Mac Users
A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, including taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, author, and how OSX/MaMi is spread are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple."
(It is actually within that site's page).
I fortunately am fine, but it might be good to check out the DNS servers setting to make sure one is safe.
Also, it might be wise, after a few days, to download and run the following excellent products:
Malwarebytes - Available from here: https://www.malwarebytes.com/mac/
ClamXAV - Available from here: https://www.clamxav.com/
ClamXAV can be used for free for 30 days.
"Mysterious DNS Hijacking Malware Targets Mac Users
A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, including taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, author, and how OSX/MaMi is spread are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple."
(It is actually within that site's page).
I fortunately am fine, but it might be good to check out the DNS servers setting to make sure one is safe.
Also, it might be wise, after a few days, to download and run the following excellent products:
Malwarebytes - Available from here: https://www.malwarebytes.com/mac/
ClamXAV - Available from here: https://www.clamxav.com/
ClamXAV can be used for free for 30 days.
Last edited: