- Aug 2, 2015
- 4,286
By: Roland Moore-Colyer
MORE SECURITY PROBLEMS for Apple as fresh malware has been found that evades anti-virus software to snoop on macOS users' internet traffic.
The malware was discovered by a Malwarebytes forum user going by the name of MikeOfMaine, who noted that there was something changing the domain name service (DNS) of his friend's Mac.
It turns out that the malware is similar to the DNSChanger malware that infected a host of computers in 2012. It works by changing the DNS server setting of an infected machine to route traffic through a hacker's server of choice where they can snoop on it.
Security researcher and ex-NAS hacker Patrick Wardle from Mac security tool specialist Objective-See investigated the malware and dubbed it 'OSX/MaMi'.
He noted that the malware is indeed a DNS hijacker and it invokes security tools to install a new root certificate to try and intercept encrypted communications as well as data that's not protected.
OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways," said Wardle.
"By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads)" or to insert cryptocurrency mining scripts into web pages."
Alongside traffic interception, the malware, which appears to be in its initial stages, can take screenshots, download and upload files, execute commands, generate simulated mouse events and potentially persist as a launch item.
At the time of writing, it doesn't look like anti-virus tools will defend Macs against the malware. However, now that it's been brought to light we would expect updates to be pushed put for macOS security tools to defend against the malware.
In the meantime, Wardle suggests the following fix for infected machines.
"Often malware can install other malware, or allow an remote attacker to do what ever they want. Thus if you were/are infected it's suggested you fully re-install macOS. However, you can probably get away with simply resetting the DNS servers and deleting the malicious certificate," he explained.
Macs are generally less vulnerable to malware than Windows machines but as they grow in popularity we can expect malware to keep trying to pry open Cupertino's slick software.
And it would be go no harm for Tim Cook and crew to shore up macOS defences particularly after some embarrassing bugs cropped up in High Sierra.
MORE SECURITY PROBLEMS for Apple as fresh malware has been found that evades anti-virus software to snoop on macOS users' internet traffic.
The malware was discovered by a Malwarebytes forum user going by the name of MikeOfMaine, who noted that there was something changing the domain name service (DNS) of his friend's Mac.
It turns out that the malware is similar to the DNSChanger malware that infected a host of computers in 2012. It works by changing the DNS server setting of an infected machine to route traffic through a hacker's server of choice where they can snoop on it.
Security researcher and ex-NAS hacker Patrick Wardle from Mac security tool specialist Objective-See investigated the malware and dubbed it 'OSX/MaMi'.
He noted that the malware is indeed a DNS hijacker and it invokes security tools to install a new root certificate to try and intercept encrypted communications as well as data that's not protected.
OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways," said Wardle.
"By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads)" or to insert cryptocurrency mining scripts into web pages."
Alongside traffic interception, the malware, which appears to be in its initial stages, can take screenshots, download and upload files, execute commands, generate simulated mouse events and potentially persist as a launch item.
At the time of writing, it doesn't look like anti-virus tools will defend Macs against the malware. However, now that it's been brought to light we would expect updates to be pushed put for macOS security tools to defend against the malware.
In the meantime, Wardle suggests the following fix for infected machines.
"Often malware can install other malware, or allow an remote attacker to do what ever they want. Thus if you were/are infected it's suggested you fully re-install macOS. However, you can probably get away with simply resetting the DNS servers and deleting the malicious certificate," he explained.
Macs are generally less vulnerable to malware than Windows machines but as they grow in popularity we can expect malware to keep trying to pry open Cupertino's slick software.
And it would be go no harm for Tim Cook and crew to shore up macOS defences particularly after some embarrassing bugs cropped up in High Sierra.
