
New macOS malware hijacks DNS settings and takes screenshots

January 18th, 2018, by Waqas

The general perception of Apple devices is that they are protected from malware and other attacks. But as attackers grow more sophisticated, that is changing for the worse. Now a Malwarebytes forum user has discovered dangerous malware targeting macOS, and an independent security researcher has conducted an in-depth analysis of it.

How does it work?

Dubbed OSX/MaMi, the malware is capable of installing a new root certificate and hijacking the DNS servers, then manipulating Internet traffic, redirecting it to a malicious server controlled by the attackers, and stealing sensitive data from the device, including login credentials and passwords.

According to Patrick Wardle, a security researcher who analyzed the malware, OSX/MaMi is an unsigned Mach-O 64-bit executable that evades anti-virus detection and can keep an eye on the victim's activity by taking screenshots, execute different commands, generate simulated mouse events, download and upload files, etc.

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads),” Wardle concluded.


How does OSX/MaMi infect macOS?

Currently, it is unclear how OSX/MaMi targets and infects macOS; however, Wardle believes attackers are using lame methods “such as malicious email, web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.”

How to check if your DNS is infected?

You can manually check whether your device is infected with OSX/MaMi by going into the DNS settings. If the DNS is set to 82.163.143.135 and 82.163.142.137, your device is infected. Moreover, since none of the 59 anti-virus products on VirusTotal can detect the malware, Wardle has created a free open source firewall called ‘LuLu’ that detects OSX/MaMi’s network traffic.
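One way to script the DNS check described above, as an added example (not from the article or from Wardle's analysis): the function reads `scutil --dns` output and reports only exact matches against the two addresses the article lists, so a look-alike such as 182.163.143.135 is not flagged. The helper name `mami_dns_hits` and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the OSX/MaMi resolver addresses named in the article.
MAMI_DNS="82.163.143.135 82.163.142.137"

# mami_dns_hits (hypothetical helper name): reads `scutil --dns`-style text on
# stdin, prints each configured nameserver that exactly equals one of the
# addresses above (once each), and returns 0 only if at least one matched.
mami_dns_hits() {
    awk -v iocs="$MAMI_DNS" '
        BEGIN { n = split(iocs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        # Resolver lines look like:  nameserver[0] : 192.168.1.1
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            if (($3 in bad) && !($3 in seen)) { seen[$3] = 1; print $3; hit = 1 }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample (not captured from a real machine): one listed address
# and one look-alike that a plain substring search would wrongly flag.
SAMPLE_DNS='resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 182.163.143.135
  if_index : 4 (en0)'

# On a Mac, check the live resolver configuration.
if command -v scutil >/dev/null 2>&1; then
    if hits=$(scutil --dns | mami_dns_hits); then
        printf 'OSX/MaMi DNS server configured: %s\n' $hits
    else
        echo "No OSX/MaMi DNS servers in the resolver configuration"
    fi
fi
```

A clean result here only covers the DNS indicator; the article also says the malware installs a new root certificate, which this check does not examine.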


Mac users are urged to keep their operating system up to date, avoid downloading unnecessary apps and software, and not click on links and attachments in emails from unknown senders. Also, use updated security software and stay safe online.

Top, featured image via DepositPhotos/Rawpixel
