


New macOS Malware OSX/MaMi Steals User Data, Takes Screenshots, and More


Apple fans have long sung the praises of the immunity of iOS and macOS to exploits and viruses. This belief seemed to be fading in 2017, which saw multiple ransomware strains attacking macOS, and now security researcher and ex-NSA hacker Patrick Wardle has discovered a new "undetectable malware" which has been targeting Mac computers.

As per The Hacker News, the malware changes the DNS server information on the host computer and intercepts private user information by re-routing the traffic through insecure servers. Dubbed "OSX/MaMi", the malware is a 64-bit executable and is reminiscent of the DNSChanger malware which infected nearly four million computers in 2012.

Image: New macOS Malware Uses DNS Hijacking to Route Internet Traffic, Take Screenshots, and More (courtesy: Patrick Wardle)

The malware caught Wardle's attention when he came across a report about DNS hijacking on an online malware information platform. On further investigation, he found out that OSX/MaMi is not particularly advanced malware, but it harms the infected Mac systems in "nasty and persistent ways".

Once the new root certificate is installed and the DNS servers are taken over, a hacker can eavesdrop on every user action which uses the internet.

The hacker or "man-in-the-middle", Wardle notes, can then inject ads, steal passwords, or even insert malicious scripts for cryptocurrency mining.

Critical details, including the source or the ways of propagation this malware uses, are still unknown. Wardle, however, hypothesizes that this could be via spam emails which try to replicate fake security alerts. Apart from manipulating the internet usage of impacted users, OSX/MaMi is capable of simulating mouse clicks and movements, taking screenshots, executing commands via Terminal, overriding system settings to persist as a launch application, and downloading and uploading other malicious files.

Many antivirus products don't identify OSX/MaMi yet, and if you're cautious about your Mac's security, you can head over to System Preferences > Network and find Advanced. Under the DNS menu, watch out for 82.163.143.135 and 82.163.142.137. Meanwhile, Wardle is also building a free open-source firewall which will secure Mac systems from being infected by OSX/MaMi.
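The same DNS check can be done from Terminal. The script below is an added example, not code from the article or from Wardle: it reads the output of the macOS commands `scutil --dns` or `networksetup -getdnsservers <service>` and reports the two addresses named above. The function name, the `--live` switch and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for the two DNS servers named in the article in resolver output.

# Indicator addresses, taken from the article text.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Constructed sample in the layout printed by `scutil --dns` (not captured from a real host).
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 6 (en0)

resolver #2
  nameserver[0] : 82.163.143.135
  nameserver[1] : 192.168.1.1'

# Reads resolver output on stdin and prints each configured nameserver that
# exactly matches an indicator, once, in order of first appearance.
find_mami_dns() {
  awk -v iocs="$MAMI_DNS" '
    BEGIN { n = split(iocs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    {
      addr = ""
      # scutil form: "  nameserver[0] : 82.163.143.135"
      if ($1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":") addr = $3
      # networksetup form: one bare address per line
      else if (NF == 1) addr = $1
      # Whole-field comparison, so a longer string containing an indicator is not flagged.
      if ((addr in bad) && !(addr in seen)) { seen[addr] = 1; print addr }
    }'
}

# On a Mac, run with --live to check the active resolver configuration.
if [ "${1:-}" = "--live" ] && command -v scutil >/dev/null 2>&1; then
  hits=$(scutil --dns | find_mami_dns)
  if [ -n "$hits" ]; then
    echo "DNS servers matching the OSX/MaMi indicators:"
    echo "$hits"
  else
    echo "No OSX/MaMi DNS servers configured."
  fi
fi
```

An empty result only means these two addresses are not configured as resolvers; it says nothing about the root certificate the article mentions.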

Source: https://beebom.com/macos-malware-dns-hijacking-osx-mami/

Posted by: hendersonfachur56.blogspot.com
