Security advisories

OSX/MaMi Malware

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

A new malware branded as OSX/MaMi has been actively targeting Mac OS X devices in the wild. This malware uses a technique known as DNS hijacking, which allows the attacker to change a user’s DNS settings, redirecting the internet traffic from the infected device to the attacker. DNS hijacking is used to carry out Man-in-the-Middle (MITM) attacks which can result in information theft, malicious ads or crypto-miners being injected into web traffic. In order to intercept encrypted traffic and maintain persistence on infected devices, OSX/MaMi also installs a new root certificate. Currently, the means of infection remains unknown.

OSX/MaMi appears to be in its development stage. Analysis of the malware showed various other capabilities that have not yet been activated. Future versions of OSX/MaMi are expected to enable the attacker to take screenshots, simulate mouse events, persist as a launch item, download and upload files and execute commands.

What we’re doing about it

Additional information

See the following information for indicators of compromise and additional technical details

Known Malicious SHA-1 hashes:

Known Malicious MD5 hashes:

Infected systems are known to reach out to the following addresses:

For additional information, please see the initial disclosure report [1]. https://objective-see.com/blog/blog_0x26.html

View Most Recent Advisories