
New Mac malware evades anti-virus to snoop on internet traffic

Published Jan 16th, 2018 7:45PM EST
BGR


Macs are less likely to be infected by malicious apps than Windows computers, but they’re not immune to malware attacks.

A fresh discovery details a rogue program that can help attackers steal data from your computer and perform other tasks without your knowledge. Worse, at the time of its discovery none of the anti-virus engines it was tested against detected it, and it is not yet clear how the program reaches new users.

Per The Hacker News, the malware is called OSX/MaMi, and its behaviour resembles DNSChanger, a DNS-hijacking trojan that had infected millions of computers by the time its infrastructure was taken down in 2012.

One way to detect the malware is to check the DNS server settings on your Mac (System Preferences > Network > Advanced > DNS). If the list contains 82.163.143.135 or 82.163.142.137, your Mac may be infected.

The issue was first noticed by a Malwarebytes forum user, who shared screenshots showing these addresses.

Once installed, the malware points the Mac's DNS lookups at those servers. Controlling name resolution lets the attackers send any connection to a host they run, and that is where sensitive information can be intercepted.

Former NSA hacker Patrick Wardle looked at the malware closely and found it has other capabilities. The program also installs a new root certificate, which means the Mac will trust certificates the attackers issue for any website. Combined with the DNS hijack, that lets them intercept encrypted (HTTPS) traffic, not just plain web traffic.
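The two checks described above, the DNS server list and the trusted root certificates, can be scripted. The following is an added example, not code from BGR, The Hacker News or Patrick Wardle: the two indicator addresses are the ones quoted in this article, while the function names and the sample resolver lists are constructed for illustration. The live collection relies on the macOS `networksetup`, `scutil` and `security` tools and only runs when the script is started with `--live` on a Mac; the root-certificate listing only prints what is trusted, so an unfamiliar name there still has to be judged by hand.

```shell
#!/bin/sh
# Added example: look for the OSX/MaMi DNS indicators from the article and
# list the trusted root certificates a Mac has. Not the malware author's or
# the researcher's code; the indicator addresses come from the article.

# DNS servers the article names as indicators of an OSX/MaMi infection.
MAMI_DNS="82.163.143.135 82.163.142.137"

# mami_check_dns: read resolver addresses on stdin, one per line, print each
# one that matches a known OSX/MaMi server, and return 0 only if any matched.
mami_check_dns() {
    hits=0
    while read -r addr; do
        for ioc in $MAMI_DNS; do
            if [ "$addr" = "$ioc" ]; then
                echo "MATCH: $addr"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -gt 0 ]
}

# mami_scan_mac: on a real Mac, gather the DNS servers configured on every
# network service plus the resolvers actually in use, then run the check.
# (Assumed macOS tooling; not exercised in the offline run below.)
mami_scan_mac() {
    {
        # first line of -listallnetworkservices is an explanatory header
        networksetup -listallnetworkservices 2>/dev/null | tail -n +2 |
            sed 's/^\*//' |
            while read -r svc; do networksetup -getdnsservers "$svc"; done
        # live resolver configuration, lines look like: nameserver[0] : 1.2.3.4
        scutil --dns 2>/dev/null | awk '/nameserver\[/ { print $3 }'
    } | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u | mami_check_dns
}

# mami_list_root_certs: print the labels of certificates in the System
# keychain so an unexpected root added by the malware stands out.
mami_list_root_certs() {
    security find-certificate -a /Library/Keychains/System.keychain 2>/dev/null |
        grep '"labl"' | sed 's/.*="//; s/"$//' | sort -u
}

# Constructed sample resolver lists: one as it might look on an infected Mac,
# one from a clean home network.
SAMPLE_INFECTED='82.163.143.135
82.163.142.137'
SAMPLE_CLEAN='192.168.1.1
8.8.8.8'

if [ "${1:-}" = "--live" ]; then
    echo "== DNS servers matching OSX/MaMi indicators =="
    mami_scan_mac || echo "no OSX/MaMi DNS servers found"
    echo "== trusted certificates in the System keychain =="
    mami_list_root_certs
else
    printf '%s\n' "$SAMPLE_INFECTED" | mami_check_dns && echo "sample: infected"
    printf '%s\n' "$SAMPLE_CLEAN" | mami_check_dns || echo "sample: clean"
fi
```

Run it without arguments to see the check against the two constructed samples; run it with `--live` on a Mac to inspect the real configuration. A match on either address is a strong indicator, but a clean DNS list does not prove a clean machine, since the root certificate and the other components the malware installs are separate from the resolver settings.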

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” Patrick said. “By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).” Inserting cryptocurrency mining scripts into web pages is one other possible activity.

OSX/MaMi can also be used to take screenshots, generate mouse events, execute commands, and download and upload files. Not cool at all.

Patrick believes the program is being spread through conventional email phishing or social engineering, so it does not appear to be propagating on its own the way a worm would. As for anti-virus programs, at the time of analysis none of the 59 engines it was tested against detected it. A firewall can at least block the traffic to the attackers' servers, and Patrick has released a free tool that can help with that. Blocking the traffic is containment rather than cleanup, though: the changed DNS servers and the added root certificate still need to be removed from the Mac.

Chris Smith Senior Writer
