Malware

OSX MaMi: An Undetectable Mac Malware

Security researcher Patrick Wardle has detected a new threat designed specifically for Mac machines. A threat that alters DNS settings and steals user data. An example of which is posted on MalwareBytes forum. This threat is known as MaMi and is characteristically like DNS changer malware attack witnessed in 2012.

What is MaMi and How Does it Work?

MaMi is a malicious malware that made it to the headlines recently. It is a malicious 64-bit executable code said to be distributed by lame methods, like e-mail or fake sites. Once it gets into the machine it changes the DNS settings, installs an infected root certificate, allowing hacker to decrypt and catch the data sent on the Internet and then steals user’s personal and confidential information.

Img src: securityonline.info

It is also capable of performing other functions like:

  1. Capturing screenshots.
  2. Executing commands.
  3. Downloading or uploading of files.
  4. Hijacks mouse clicks
  5. Runs AppleScripts

This clearly explains that the malware can take full control of the machine.

Also Read: 10 Cyber Security Threats To Be Aware Of

How to Detect if Your Machine is Infected?

At present no antivirus engine can detect the malware. The only way to know if the machine is infected is by checking the DNS settings.

To do so, go to System Preferences then to Network and click on Advanced. Now here you will be able to DNS settings. If you see the IP address as 82.163.143.135 and 82.163.142.137 then there is a problem. Your system is compromised.

As reported on Malwarebytes forum the fellow teacher was facing the same problem as DNS settings kept on changing to 82.163.143.135 and 82.163.142.137 even after removing them.

MaMi at present is acting as a DNS hijacker only and there is no clarity about who’s behind it and what is the purpose.

Plus, it is speculated that MaMi required user consent to get into the system therefore, users are advised not to perform following actions:

  1. Do not enable Flash player plugins.
  2. Avoid downloading any updated to run a flash player when visiting a website.
  3. Don’t follow for gimmicks that ask you to download an antivirus software to make your machine infection free.

This attack is an alarming bell that states get ready and keep your eyes opened. Anything that looks too promising or too good to be true is a threat. Do not fall for such gimmicks have an eye of suspicion for such things to stay protected. It is always better to be cautious then to be a victim.

Also Read: What is Eavesdropping Attack- A Complete Guide

Technology is advancing, so are cyber criminals more ways you discover to stay protected more ways they will find to attack. The best way to stay protected is by using technology intelligently. Always download software from trusted sources and if you notice any abnormal activity on your machine run and updated anti-virus and avoid staying connected for time being.

Leave a comment