New Mac malware hijacks DNS and compromises internet traffic


Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.

Security researcher Patrick Wardle has looked extensively into MaMi (as spotted by 9 to 5 Mac) and observes that while it isn’t particularly sophisticated, it does more than simple DNS hijacking.

It’s also capable of pulling off tricks like taking screenshots, downloading and uploading files, executing commands, and it installs a new root certificate to facilitate potential man-in-the-middle attacks. It’s pretty bad news all round, really.

Social engineering

How do you get infected? Wardle isn’t certain on this point, but observes that fake emails or social engineering attacks are likely to be involved (both are pretty prevalent vectors these days). The post on Malwarebytes’ forum which pointed out the malware to Wardle showed the infection came from installation of a dodgy program (‘mycoupon’).

Unfortunately, not all antivirus software is currently capable of detecting the malware, although some have been primed to spot it. Hopefully, it shouldn’t be long before all antivirus apps have MaMi on their radar.

To manually check if you’ve been infected, simply look in System Preferences, under the Network pane, click Advanced, and go to the DNS menu. If your DNS settings are set to and, then the malware is at large on your system. Wardle provides further advice in this blog post.

Other Mac malware nastiness we’ve witnessed already this year include a zero-day bug in macOS, and another password login flaw which cropped up last week.

If you’re becoming concerned about the amount of viruses and exploits now targeting Apple’s computers, we’ve got a full guide on how to protect your Mac against malware.

  • A couple of Apple’s MacBooks make our list of best laptops

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).