The state of Mac malware

“In 2018, the state of Mac malware has evolved, with more and more threats targeting these so-called impervious machines,” Thomas Reed writes for Malwarebytes Labs. “We have already seen four new Mac threats appear. The first of these, OSX.MaMi, was discovered on our forums by someone who had had his DNS settings changed and was unable to change them back.

“The malware that was discovered on his system acted to change these settings and ensure that they remained changed,” Reed writes. “Additionally, it installed a new trusted root certificate in the keychain.”

“These two actions are highly dangerous. By redirecting the computer’s DNS lookups to a malicious server, the hackers behind this malware could direct traffic to legitimate sites, such as bank sites, Amazon, and Apple’s iCloud/Apple ID services, to malicious phishing sites,” Reed writes. “The addition of a new certificate could be used to perform a ‘man-in-the-middle’ attack, making these phishing sites appear to be legitimate.”

“Apple’s macOS includes some good security features that are helpful, but they are easily bypassed by new malware, and they don’t address the adware and PUP problem at all. macOS cannot be considered bulletproof,” Reed writes. “We know that not everyone wants to run antivirus software on their Macs, but if you’re looking for additional protection, Malwarebytes for Mac can help.”

Much more in the full article here.
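
A defender-side check for the DNS change described above, as an added example that is not from Malwarebytes or the original article: it parses `scutil --dns` output and reports any configured nameserver outside a list you expect. The sample output, its addresses and the function names are constructed for illustration; the expected-resolver list is an assumption you supply, and the trusted-root-certificate change is not covered.

```python
import ipaddress
import re

# Constructed sample in the layout printed by macOS `scutil --dns`.
# Addresses are documentation-range placeholders, not real indicators.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 198.51.100.53
  if_index : 6 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
"""

NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")
IF_INDEX = re.compile(r"^\s*if_index\s*:\s*\d+\s*\((\w+)\)")

def parse_resolvers(text):
    """Return one {'iface', 'servers'} dict per resolver block."""
    blocks = []
    for line in text.splitlines():
        if line.startswith("resolver #"):
            blocks.append({"iface": "unscoped", "servers": []})
        elif blocks and (m := NAMESERVER.match(line)):
            # Drop any IPv6 zone suffix (fe80::1%en0) before parsing.
            addr = ipaddress.ip_address(m.group(1).split("%")[0])
            blocks[-1]["servers"].append(addr)
        elif blocks and (m := IF_INDEX.match(line)):
            blocks[-1]["iface"] = m.group(1)
    return blocks

def unexpected_resolvers(text, expected):
    """Sorted (interface, nameserver) pairs that are not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return sorted({(b["iface"], str(ns)) for b in parse_resolvers(text)
                   for ns in b["servers"] if ns not in allowed})

if __name__ == "__main__":
    for iface, ns in unexpected_resolvers(SAMPLE_SCUTIL_DNS, ["192.168.1.1"]):
        print(f"unexpected DNS server {ns} on {iface}")
```

On a Mac, feed it the live output of `scutil --dns`; if an unexpected server reappears after you reset DNS, something on the system is rewriting the setting, which matches the behavior reported for OSX.MaMi.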

MacDailyNews Take: Let’s be careful out there.


  1. Recently, someone I know had Apple support recommend Malwarebytes (said Apple is recommending it now). I downloaded and tried it. Once I installed it, ran a scan and deleted the couple of adware items it found, I could no longer connect to the internet (email, browser, etc.), until I uninstalled the app – then my internet connection worked perfectly again. Quitting out of the app did not restore my internet connection; only uninstalling the app did.

  2. “so-called impervious machines” — nobody with half a brain says Macs are “impervious” (just enormously more secure than Winblows).

    So with the use of that hackneyed phrase, we know we’re probably reading bullshit.
