Security experts have discovered the first new Mac malware strain this year. The virus named OSX MaMi can hijack a Mac’s DNS settings and steal victims’ personal data. OSX MaMi looks like the widespread DNSChanger malware which infected millions of computers in 2012.
The virus is distributed in the form of an unsigned Mach-O 64-bit binary that currently doesn’t trigger any detections on aggregated anti-malware scan engines. The distribution methods include the mill phishing and malicious email attachments.
The OSX MaMi source code has the following functionality:
• Set up custom DNS settings
• Install a local certificate
• Download and upload files
• Take screenshots
• Hijack mouse clicks
• Run AppleScripts
• Get OS launch persistence
• Execute commands
However, the current version of this virus doesn’t support most of these functionality, but can only get boot persistence, install a local certificate, and set up custom DNS server settings to hijack your browsers or to inject variours ads.
To find out if you have been infected by the OSX MaMi malware, you should check your DNS settings and see if they have been changed to 220.127.116.11 and 18.104.22.168. OSX MaMi does not seem to be targeting Windows devices at the current moment.