Apps: Security

MaMi Malware Struck MacOS

MaMi Malware Struck MacOS

What is MaMi Malware?

MaMi is a DNS hijacker. While Windows users are well acquainted with different kinds of malwares, Mac owners are not. For many years Apple products were considered as virus-safe ones. Recently, the situation has changed. The thing is, MacBooks and iMacs became very popular and virus makers turned their attention to them.
What does it do to my computer?

It changes the DNS you use to enter the Web. Domain Names System is like a navigator for your computer. It names all the other computers and servers and maps the path for you. Now imagine what will happen if someone doctored your navigator and messed up your routes and destination points. You’ll get lost and won’t get anywhere.

In the computer world it means you’ll get nowhere at all as well. You won’t be able to reach any site. The DNS hijackers may look innocent enough when compared to other malwares, but they are very dangerous. They can covertly download other malwares and viruses and even turn your computer into a bot.

Who discovered it?

The first victim of MaMi malware was an unknown teacher. She had a friend ask on her behalf on a Malwarebytes forum , and was able to get some answers. Simultaneously, a cyber security expert Patrick Wardle, who happened to be researching this in his own blog for a bit, came up with a few solution tips of his own.

What does it look like?

If your computer is infected, your DNS will change and you can identify this in the System Preference app (Network pane). What the malicious DNS can look like:

What the malicious DNS can look like. Image source: Objective-See.com.

Looking into the System Preference is the only way to detect MaMi so far. It’s a fresh malware and it is not yet listed in the Virus Total. Likewise, it cannot be detected by AV softwares. The cunning malware immediately downloads a certificate to disguise itself as a properly signed app.

The cloudguard.me certificate can be found in the System Keychain:

The cloudguard.me certificate can be found in the System Keychain. Image source: Objective-See.com.

How can I get rid of MaMi?

Since there’s no AV tool to exterminate the malware, Patrick Wardle’s advice is to re-install the macOS. if you’re an advanced user you can try and reset the DNS servers according to the manual that he has posted in his blog. [https://objective-see.com/blog/blog_0x26.html]

Will any protection by AVs eventually be created?

Sure! But the protection will take time to develop. MaMi, for instance, is a very complicated malware. The DNS servers it used were the only thing that betrayed its presence. You see, these very DNS servers were used for the Windows DNS hijackers many years ago.

So someone somewhere took the time to re-invent the malware for the macOS. So, there will be more to come this way.

Links

[FIX] macOS MaMi DNS Hijacking Malware Identifying and Removal [Video]

Video uploaded by dailytut on January 16, 2018

Share
Published by
Steve

Recent Posts

AirPods Features Introduced with iOS 26

New AirPods features introduced with iOS 26 Here's a detailed look at the new AirPods…

24 mins ago

WatchOS 26 : Apple Intelligence on Your Wrist

WatchOS 26 marks a major leap for the Apple Watch, integrating AI-powered features that make…

1 week ago

How to Make a Photo Using Gemini AI

How to Make a Photo with Your Favorite Artist or Superhero Using Gemini AI Google's…

2 weeks ago

Apple 2025 Keynote: iPhone 17, iPhone Air, AirPods Pro 3, More

Apple September 2025 Keynote Highlights: iPhone 17, iPhone Air, AirPods Pro 3 & More Revealed…

3 weeks ago

Europe Is Demanding €2.95 billion from Google

EU Hits Google with Record €2.95 Billion Fine Over Ad Tech Abuses Why Europe is…

3 weeks ago

How to Prevent Future Updates on Android Phone

To cancel or prevent future updates on an Android phone, use built-in device settings to…

4 weeks ago