“‘2018 is barely two weeks old, and already it looks like we’ve got new piece of macOS malware! Hooray :),'” Paul Wagenseil reports for LAPTOP. “That’s how Apple-focused security researcher Patrick Wardle opened a blog post yesterday (Jan. 11) detailing what Wardle calls ‘MaMi,’ a stealthy DNS hijacker that reroutes your internet traffic to possibly malicious websites. MaMi also has abilities that haven’t yet been activated: It can steal passwords, take screenshots, download files and programs, run other pieces of software and inject bogus security certificates.”
“To see whether your Mac was infected by MaMi, go to System Preferences, click on the Network section and check the IP address of your DNS server. If it’s ‘220.127.116.11’ or ‘18.104.22.168,’ then you’ll need to change it to something benign, such as Google’s 22.214.171.124 or 126.96.36.199 or OpenDNS’s 208.67.2222.222 or 188.8.131.52,” Wagenseil reports. “Notice we said ‘was’ infected. The MaMi sample that Wardle found deleted itself after changing the DNS settings on his test machine, so even if you found a smoking-gun DNS setting, the malware that did it may be long gone.”
“To prevent infection by MaMi, use common sense. Every piece of Mac malware found in recent years has required user approval, presumably unwitting, to be installed,” Wagenseil reports. “So don’t authorize that Adobe Flash Player update, that video player you apparently need to see a clip of a naked celebrity, or that antivirus software that showed up in a pop-up window telling you your Mac was infected.”
Read more in the full article here.
MacDailyNews Take: Check your DNS settings ASAP!
Note: Apple Airport users on Wi-Fi can use their Mac’s AirPort Utility to see their routers’ DNS server addresses by clicking/tapping “Internet.”