Back in 2012, millions of Windows PCs were affected by DNSChanger malware, and now the same malware has been targeting macOS. Called MaMi, the malware was first discovered by security researcher Patrick Wardle.
Wardle spotted a post on the Malwarebytes forum in which a user said they had accidentally installed something that led to DNS hijacking. Despite removing the DNS entries, the address changes persisted. The Malwarebytes software spotted and reported one indicator, MyCoupon, which is often labeled as nuisanceware. On deeper inspection, the DNS entries suggested that something with graver impact was happening.
After the operating system is infected, MaMi changes the DNS entry and installs a root certificate. Even when victims manually change the DNS entries, the settings persistently revert to the malicious DNS entries.
How does MaMi malware function?
To begin with, it installs a local certificate and can stream logon credentials, take screenshots of the desktop, and run AppleScripts, which in turn gives the malware the ability to execute scripts. With the DNS IP under their control, criminals can redirect users to ads they control or to malicious domains. What's more, the malware can download and upload files to steal sensitive data, and can download additional scripts and modules.
How do you know if your system is compromised?
If you see the domain entries 184.108.40.206 and 220.127.116.11, it is a sign that your system may have been compromised by MaMi malware. Furthermore, if you see domains registered by angein.ingfo, infolilovakia.info, inforegardens.info, infodefinitial.info and infohumption.info, it is also a sign of the system being compromised.
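A check for the two addresses listed above, added here as an example (it is not from the original article or from Wardle's analysis). It assumes the resolver listing format printed by macOS `scutil --dns`; the function name `find_mami_dns` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Addresses the article lists as signs of a MaMi compromise.
MAMI_DNS="184.108.40.206 220.127.116.11"

# Reads `scutil --dns` style text on stdin and prints every configured
# nameserver that exactly equals a listed address (each one once).
# Exit status: 0 if at least one matched, 1 if none did.
find_mami_dns() {
    awk -v iocs="$MAMI_DNS" '
        BEGIN { n = split(iocs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        # Resolver lines look like: "  nameserver[0] : 10.0.0.1"
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            # Whole-field comparison, so a near-miss address does not match.
            if (($3 in bad) && !seen[$3]++) { print $3; hit = 1 }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample: resolver configuration pointing at both addresses.
SAMPLE_INFECTED='resolver #1
  nameserver[0] : 184.108.40.206
  nameserver[1] : 220.127.116.11
  flags    : Request A records'

# Constructed sample: a router address plus a near-miss that must not match.
SAMPLE_CLEAN='resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 184.108.40.20
  flags    : Request A records'

# On a Mac, check the live resolver configuration; skipped elsewhere.
if command -v scutil >/dev/null 2>&1; then
    if hits=$(scutil --dns | find_mami_dns); then
        echo "Listed DNS address is configured: $hits"
    else
        echo "No listed DNS address in the resolver configuration"
    fi
fi
```

Because the article notes that the malicious entries come back after manual removal, rerun the check after any cleanup attempt rather than relying on a single pass.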
How to prevent MaMi malware from infecting your Mac?
As with DNSChanger malware on Windows, it is difficult to prevent MaMi malware from infecting macOS. One way to prevent infection is to monitor the network and block machines from attempting to access the above-mentioned domain entries.
It is also recommended that you install anti-virus and anti-malware software and keep it updated. As a general practice, always update your OS whenever updates are available. You should back up your data regularly, avoid accessing unsolicited websites, and avoid connecting to public Wi-Fi networks as far as possible. These steps will help you keep your macOS safe from MaMi malware.