Following closely after the recent discovery of security holes in High Sierra, a security researcher has discovered new malware targeting the DNS settings on Macs.
Details of the malware called OSX/MaMi were posted on the Objective-See website and shows how the malware changes the DNS settings of your Mac’s internet connection to 220.127.116.11 and 18.104.22.168 meaning the hijackers can re-route your internet traffic, steal sensitive information or inject ads. You can actually download and install the malware from the Objective-See website although we obviously don’t recommend it.
The Hacker News reports that the DNS Hijacker malware can even install a root certificate to allow it to intercept encrypted communications as well. Other potential malicious things MaMi can do are take screenshots, hijack mouse movements or trackpads, download/upload files and execute files.
It’s not yet clear how it’s being spread but is suspected to be from malicious emails or fake security ad popups.
To check if you’ve been affected by MaMi, follow these instructions:
- Go to the Apple logo in the top left corner of your Mac’s screen and select System Preferences…
- Select Network:
- Select Advanced:
- Select the DNS tab at the top and then look for anything strange in your DNS settings and particularly make sure that the numbers 22.214.171.124 and 126.96.36.199 do not appear in the DNS Server box.
At the moment, there are no anti-virus software for Mac that can detect MaMi. However, there are various tools that can detect and block MaMi.
You can download a special tool called LuLu (currently in Alpha version) created by Patrick Wardle at Objective-See can block the MaMi malware from infecting your Mac. LuLu prevents unauthorized outgoing connections make from your Mac so that it prevents MaMi from being able to hijack your internet connection.
You can also use the free trial of network monitoring utility Little Snitch which does a similar job of managing incoming and outgoing connections on your Mac although it’s only free for 30 days.
Another option is the Beta version of DetectX Swift which is free to download and can detect malware on your Mac including OSX/MaMi.
We also recommend running Malwarebytes for Mac. Although it hasn’t been updated yet to detect MaMi, it will be one of the first to do so and is definitely worth running now and then anyway to check for other malware.
You can find a range of other tools which can protect you from similar unauthorized network hijacking in our look at the best network monitoring software for Mac.
In the meantime make sure you don’t click on any suspicious emails or unusual pop-up ads that claim your Mac is infected.
If you think you’ve been infected by MaMi or are having problems removing it, let us know in the comments below.