Researcher Patrick Wardle has analyzed what seems to be a new piece of malware designed to hijack DNS settings on macOS devices. The threat has other capabilities as well, but they do not appear to be active.
The malware, dubbed OSX/MaMi by Wardle based on a core class named “SBMaMiSettings,” is currently only detected – at least based on its signature – by ESET and Ikarus products as OSX/DNSChanger.A and Trojan.OSX.DNSChanger. However, other vendors will likely create signatures for the threat in the upcoming hours and days.
The researcher obtained a sample of MaMi after a user reported on the Malwarebytes forums that a teacher’s Mac had been infected. The user reported that the DNS servers on the compromised system were set to 18.104.22.168 and 22.214.171.124, and they kept changing back after being removed.
Read full news article on SecurityWeek