/*test3*/ MaMi Malware Struck MacOS | iGotOffer
Apple MacOSApps: Security

MaMi Malware Struck MacOS

MaMi Malware Struck MacOS
MaMi Malware Struck MacOS

MaMi Malware Struck MacOS

What is MaMi Malware?

MaMi is a DNS hijacker. While Windows users are well acquainted with different kinds of malwares, Mac owners are not. For many years Apple products were considered as virus-safe ones. Recently, the situation has changed. The thing is, MacBooks and iMacs became very popular and virus makers turned their attention to them.
What does it do to my computer?

It changes the DNS you use to enter the Web. Domain Names System is like a navigator for your computer. It names all the other computers and servers and maps the path for you. Now imagine what will happen if someone doctored your navigator and messed up your routes and destination points. You’ll get lost and won’t get anywhere.

In the computer world it means you’ll get nowhere at all as well. You won’t be able to reach any site. The DNS hijackers may look innocent enough when compared to other malwares, but they are very dangerous. They can covertly download other malwares and viruses and even turn your computer into a bot.

Who discovered it?

The first victim of MaMi malware was an unknown teacher. She had a friend ask on her behalf on a Malwarebytes forum , and was able to get some answers. Simultaneously, a cyber security expert Patrick Wardle, who happened to be researching this in his own blog for a bit, came up with a few solution tips of his own.

What does it look like?

If your computer is infected, your DNS will change and you can identify this in the System Preference app (Network pane). What the malicious DNS can look like:

malicious dns - MaMi Malware Struck MacOS

What the malicious DNS can look like. Image source: Objective-See.com.

Looking into the System Preference is the only way to detect MaMi so far. It’s a fresh malware and it is not yet listed in the Virus Total. Likewise, it cannot be detected by AV softwares. The cunning malware immediately downloads a certificate to disguise itself as a properly signed app.

The cloudguard.me certificate can be found in the System Keychain:

cloudguard me certificate - MaMi Malware Struck MacOS

The cloudguard.me certificate can be found in the System Keychain. Image source: Objective-See.com.

How can I get rid of MaMi?

Since there’s no AV tool to exterminate the malware, Patrick Wardle’s advice is to re-install the macOS. if you’re an advanced user you can try and reset the DNS servers according to the manual that he has posted in his blog. [https://objective-see.com/blog/blog_0x26.html]

Will any protection by AVs eventually be created?

Sure! But the protection will take time to develop. MaMi, for instance, is a very complicated malware. The DNS servers it used were the only thing that betrayed its presence. You see, these very DNS servers were used for the Windows DNS hijackers many years ago.

So someone somewhere took the time to re-invent the malware for the macOS. So, there will be more to come this way.

Links

[FIX] macOS MaMi DNS Hijacking Malware Identifying and Removal [Video]

Video uploaded by dailytut on January 16, 2018

View Comments (2)

2 Comments

    Leave a Reply

    Your email address will not be published.

    Apple MacOSApps: Security

    More in Apple MacOS