MaMi Malware Attacks: Mac OS X DNS Settings Are the Target
Security analysts have found a new malware that hijacks DNS settings. It is named MaMi, after a pattern in the program's code. Mac security analyst Patrick Wardle highlighted it in a blog post. The malware can take screenshots, access files and take passwords.
A user on the Malwarebytes forum brought this new Mac malware to Wardle's attention. That user had discovered issues on a friend's PC after the friend had downloaded something new. The specific infection vector is currently unclear. This Mac malware spreads via malicious email, web security pop-ups/warnings, or social-engineering attacks aimed at Mac users.
Even after the DNS entries are removed, the addresses change, but these two, 188.8.131.52 and 184.108.40.206, remain constant. The Malwarebytes software flagged the infection as "MyCoupon" software, which is generally classed as nuisanceware. But the hijacking of the DNS entries indicated that something more suspicious was happening, according to a post on zdnet.com dated 15/01/2018.
MaMi isn't sophisticated. The unidentified Mach-O 64-bit executable has its application version set to 1.1.0, which suggests the malware is fresh from development.
The malware installs a new root certificate in the Mac operating system keychain. Attackers can use these techniques to carry out several nefarious actions, such as person-in-the-middle attacks, Wardle said.
Furthermore, MaMi is able to take screenshots, trigger mouse events, change the cursor position, run at every system restart as a launch item, download and transfer documents, and execute commands. MaMi resembles a Mac operating system version of the Windows malware DNSUnlocker; it uses similar DNS servers and a similar certificate, analysts said.
Because the infection strategy of this Mac malware is limited to social engineering, tricking victims into running malware distributed through scareware ads or email, the chances of being infected with MaMi are fairly low, Liviu Arsene, senior e-threat researcher at Bitdefender, told SC Media UK. But antivirus software is now able to identify and block the malware, and 26 of 59 engines will stop MaMi from penetrating Mac OS X.
» SPAMfighter News - 1/22/2018