Apps: Security

MaMi Malware Struck MacOS

MaMi Malware Struck MacOS

What is MaMi Malware?

MaMi is a DNS hijacker. While Windows users are well acquainted with different kinds of malwares, Mac owners are not. For many years Apple products were considered as virus-safe ones. Recently, the situation has changed. The thing is, MacBooks and iMacs became very popular and virus makers turned their attention to them.
What does it do to my computer?

It changes the DNS you use to enter the Web. Domain Names System is like a navigator for your computer. It names all the other computers and servers and maps the path for you. Now imagine what will happen if someone doctored your navigator and messed up your routes and destination points. You’ll get lost and won’t get anywhere.

In the computer world it means you’ll get nowhere at all as well. You won’t be able to reach any site. The DNS hijackers may look innocent enough when compared to other malwares, but they are very dangerous. They can covertly download other malwares and viruses and even turn your computer into a bot.

Who discovered it?

The first victim of MaMi malware was an unknown teacher. She had a friend ask on her behalf on a Malwarebytes forum , and was able to get some answers. Simultaneously, a cyber security expert Patrick Wardle, who happened to be researching this in his own blog for a bit, came up with a few solution tips of his own.

What does it look like?

If your computer is infected, your DNS will change and you can identify this in the System Preference app (Network pane). What the malicious DNS can look like:

What the malicious DNS can look like. Image source: Objective-See.com.

Looking into the System Preference is the only way to detect MaMi so far. It’s a fresh malware and it is not yet listed in the Virus Total. Likewise, it cannot be detected by AV softwares. The cunning malware immediately downloads a certificate to disguise itself as a properly signed app.

The cloudguard.me certificate can be found in the System Keychain:

The cloudguard.me certificate can be found in the System Keychain. Image source: Objective-See.com.

How can I get rid of MaMi?

Since there’s no AV tool to exterminate the malware, Patrick Wardle’s advice is to re-install the macOS. if you’re an advanced user you can try and reset the DNS servers according to the manual that he has posted in his blog. [https://objective-see.com/blog/blog_0x26.html]

Will any protection by AVs eventually be created?

Sure! But the protection will take time to develop. MaMi, for instance, is a very complicated malware. The DNS servers it used were the only thing that betrayed its presence. You see, these very DNS servers were used for the Windows DNS hijackers many years ago.

So someone somewhere took the time to re-invent the malware for the macOS. So, there will be more to come this way.

Links

[FIX] macOS MaMi DNS Hijacking Malware Identifying and Removal [Video]

Video uploaded by dailytut on January 16, 2018

Share
Published by
Steve

Recent Posts

Scams on WhatsApp: Cybercriminals Impersonate the Voices

Thousands of Scams on WhatsApp: They Impersonate the Voices of Your Parents and Best Friends,…

2 weeks ago

Credential Stuffing: Increasingly Devastating in France

Credential Stuffing: Increasingly Devastating in France This formidable technique explains the surge in cyberattacks in…

3 weeks ago

Users Report Hearing Strange Voices on Their iPhones

Mysterious Case: Users Report Hearing Strange Voices on Their iPhones Affected phones may have privacy…

1 month ago

Xiaomi Announced Poco C75 Mid-range Smartphone

Xiaomi Announced Poco C75 Mid-range Smartphone The Poco C75 is a newly announced mid-range smartphone…

1 month ago

Meta Tests to Implement Facial Recognition Technology

Meta Conducts Tests to Implement Facial Recognition Technology Meta, the company behind social media platforms…

2 months ago

The Best Apple Intelligence Features in iOS 18.1

The 5 Best Apple Intelligence Features You Can Try in iOS 18.1: Experience Apple Intelligence…

2 months ago