{"id":8529,"date":"2018-01-24T16:24:17","date_gmt":"2018-01-24T16:24:17","guid":{"rendered":"https:\/\/igotoffer.com\/blog\/?p=8529"},"modified":"2022-12-29T20:20:31","modified_gmt":"2022-12-29T20:20:31","slug":"mami-malware-struck-macos","status":"publish","type":"post","link":"https:\/\/igotoffer.com\/blog\/mami-malware-struck-macos","title":{"rendered":"MaMi Malware Struck MacOS"},"content":{"rendered":"

MaMi Malware Struck MacOS<\/h2>\n

What is MaMi Malware?<\/h3>\n

MaMi is a DNS hijacker. While Windows users are well acquainted with different kinds of malwares, Mac owners are not. For many years Apple products were considered as virus-safe ones. Recently, the situation has changed. The thing is, MacBooks and iMacs became very popular and virus makers turned their attention to them.
\nWhat does it do to my computer?<\/p>\n

It changes the DNS you use to enter the Web. Domain Names System is like a navigator for your computer. It names all the other computers and servers and maps the path for you. Now imagine what will happen if someone doctored your navigator and messed up your routes and destination points. You\u2019ll get lost and won\u2019t get anywhere.<\/p>\n

In the computer world it means you\u2019ll get nowhere at all as well. You won\u2019t be able to reach any site. The DNS hijackers may look innocent enough when compared to other malwares, but they are very dangerous. They can covertly download other malwares and viruses and even turn your computer into a bot.<\/p>\n

Who discovered it?<\/h3>\n

The first victim of MaMi malware was an unknown teacher. She had a friend ask on her behalf on a Malwarebytes forum , and was able to get some answers. Simultaneously, a cyber security expert Patrick Wardle, who happened to be researching this in his own blog for a bit, came up with a few solution tips of his own.<\/p>\n

What does it look like?<\/h3>\n

If your computer is infected, your DNS will change and you can identify this in the System Preference app (Network pane). What the malicious DNS can look like:<\/p>\n

\"What

What the malicious DNS can look like. Image source: Objective-See.com<\/a>.<\/p><\/div>\n

Looking into the System Preference is the only way to detect MaMi so far. It\u2019s a fresh malware and it is not yet listed in the Virus Total. Likewise, it cannot be detected by AV softwares. The cunning malware immediately downloads a certificate to disguise itself as a properly signed app.<\/p>\n

The cloudguard.me certificate can be found in the System Keychain:<\/p>\n

\"The

The cloudguard.me certificate can be found in the System Keychain. Image source: Objective-See.com<\/a>.<\/p><\/div>\n

How can I get rid of MaMi?<\/h3>\n

Since there\u2019s no AV tool to exterminate the malware, Patrick Wardle\u2019s advice is to re-install the macOS. if you’re an advanced user you can try and reset the DNS servers according to the manual that he has posted in his blog. [https:\/\/objective-see.com\/blog\/blog_0x26.html]\n

Will any protection by AVs eventually be created?<\/h3>\n

Sure! But the protection will take time to develop. MaMi, for instance, is a very complicated malware. The DNS servers it used were the only thing that betrayed its presence. You see, these very DNS servers were used for the Windows DNS hijackers many years ago.<\/p>\n

So someone somewhere took the time to re-invent the malware for the macOS. So, there will be more to come this way.<\/p>\n

Links<\/h2>\n