Macs are less likely to be infected by malicious apps than Windows computers, but they’re not immune to malware attacks.
A fresh discovery details a dangerous kind of rogue program that can help hackers steal data from your computer and perform other nefarious tasks without your knowledge. Even worse, known anti-virus programs can’t detect the new malware, and it’s not entirely clear how the program propagates to new users.
Per The Hacker News, the malware is called OSX/MaMi, and it’s similar to a virus called DNSChanger that infected millions of computers in 2012.
One way to detect the malware is to check DNS settings on your Mac. If you see addresses including 220.127.116.11 and 18.104.22.168, your Mac may be infected.
The issue was first noticed by a Malwarebytes forum user, who shared screenshots showing these addresses.
Once installed, the malware points the Mac's DNS lookups at malicious servers (those addresses), which is what lets the attackers redirect traffic and intercept sensitive information.
Former NSA hacker Patrick Wardle looked at the malware closely and discovered it has other capabilities. The program installs a new root certificate to intercept encrypted communications, which doesn’t sound great at all.
“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” Patrick said. “By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).” Inserting cryptocurrency mining scripts into web pages is one other possible activity.
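The two changes described above, hijacked resolvers and an added root certificate, can be checked for from a terminal. This is an added example, not code from the article or from the researcher it quotes; it assumes macOS tooling (`scutil`, `security`, `openssl`) and uses the two resolver addresses the article lists as indicators.

```bash
#!/usr/bin/env bash
# Added example, not code from the article or from the researcher it quotes.
# Checks a Mac for the two changes the article attributes to OSX/MaMi:
# hijacked DNS resolvers and an unexpected root certificate.
# Assumes macOS tools (scutil, security, openssl); the indicator addresses
# are the two the article lists.

MAMI_DNS_INDICATORS="220.127.116.11 18.104.22.168"

# Pull resolver addresses out of `scutil --dns` text read from stdin.
# scutil prints one "  nameserver[N] : <address>" line per configured resolver.
extract_nameservers() {
    awk '$1 ~ /^nameserver\[/ { print $NF }' | sort -u
}

# Print every configured resolver that matches the indicator list.
# Returns 0 when nothing matches and 1 when at least one resolver does.
check_dns_indicators() {
    hits=0
    for ns in $(extract_nameservers); do
        for ioc in $MAMI_DNS_INDICATORS; do
            if [ "$ns" = "$ioc" ]; then
                echo "SUSPECT resolver configured: $ns"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -eq 0 ]
}

# Print subject and issuer of every certificate in the System keychain, where
# a root added by malware would land; a self-signed entry you do not recognise
# deserves a closer look. Each PEM block is handed to openssl separately.
list_system_keychain_certs() {
    security find-certificate -a -p /Library/Keychains/System.keychain |
    awk '/BEGIN CERTIFICATE/ { pem = "" }
         { pem = pem $0 "\n" }
         /END CERTIFICATE/ {
             cmd = "openssl x509 -noout -subject -issuer"
             print pem | cmd; close(cmd); print "--"
         }'
}

# Run the live checks only when asked, so the functions can be sourced/tested.
if [ "${1:-}" = "--run" ]; then
    scutil --dns | check_dns_indicators || echo "Review your DNS settings."
    list_system_keychain_certs
fi
```

Run it on the Mac as `bash mami_check.sh --run`; the first check reports any resolver matching the article's addresses, the second lists the System keychain certificates for manual review.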
OSX/MaMi can also be used to take screenshots, generate mouse events, execute commands, and download and upload files. Not cool at all.
Patrick believes the program is being spread via traditional email phishing campaigns or social engineering, so there's no mass attack on Mac users right now. As for anti-virus programs, some 59 popular ones can't detect it right now. But a firewall could block the traffic — Patrick created a tool called that can help with that.