Security researcher finds new Mac malware

Macs increasingly targeted by hackers

A security researcher has found what he claims is a devastating form of malware that's ripping its way across Apple's computing platform.

Cyber criminals are tapping into a new rogue app that allows them to prey on victims' computers and steal personal data. They can also perform a string of nasty tasks without users knowing, the researcher claims.

The worrying part is that most popular antivirus applications are unable to identify the malware, and it poses a great threat to macOS users who may believe that their systems are safe from cyber attacks.

According to The Hacker News, the malware is dubbed OSX/MaMi and works in a similar way to DNSChanger. Back in 2012, the latter compromised millions of systems.

Although there are fears that many users wouldn't notice this threat, a Malwarebytes forum user has found a way to detect the malware. The sign to look for is the following addresses in your DNS settings: 82.163.143.135 and 82.163.142.137.
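As an added example (not from the article or the forum post), this shell script checks resolver configuration for the two addresses above. The function names and the `--live` flag are assumptions; `scutil --dns` and `networksetup` are the stock macOS tools it reads from.

```shell
#!/bin/sh
# Added example: flag the two DNS addresses the article links to OSX/MaMi.
# Only the addresses come from the article; all names here are assumptions.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Read resolver configuration text on stdin (the output of `scutil --dns`
# or `networksetup -getdnsservers`) and print each flagged address found.
# Returns 0 if at least one was found, 1 otherwise.
find_mami_dns() {
    input=$(cat)
    status=1
    for ip in $MAMI_DNS; do
        # Escape the dots and require non-digit, non-dot boundaries so that
        # longer addresses such as 182.163.143.135 do not match.
        pattern="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"
        if printf '%s\n' "$input" | grep -Eq "$pattern"; then
            printf '%s\n' "$ip"
            status=0
        fi
    done
    return $status
}

# Collect the live resolver configuration on macOS; prints nothing elsewhere.
collect_dns_config() {
    command -v scutil >/dev/null 2>&1 && scutil --dns
    if command -v networksetup >/dev/null 2>&1; then
        # First line of the listing is a legend; disabled services start with *.
        networksetup -listallnetworkservices | tail -n +2 | while IFS= read -r svc; do
            networksetup -getdnsservers "${svc#\*}"
        done
    fi
    return 0
}

# Constructed sample in the shape of `scutil --dns` output (not a real capture).
sample_infected() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)
EOF
}

# Live check, only when asked for: sh check_mami_dns.sh --live
if [ "${1:-}" = "--live" ] && collect_dns_config | find_mami_dns; then
    echo "WARNING: DNS settings contain an address linked to OSX/MaMi" >&2
fi
```

A clean result only means these two addresses are absent from the DNS settings; it does not cover the root certificate the malware is also reported to install.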

When attackers install the malware, they can send your computer's traffic to a string of dodgy servers and get access to sensitive information.

After analysing the malware, Patrick Wardle - a former hacker at the NSA - found several other capabilities. He said the programme can generate a new root certificate that gives access to encrypted communications.

"OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways," he said.

"By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads)."

The malware can also distribute cryptocurrency mining scripts, take screenshots, download and upload files, and conduct mouse events.

Surprisingly, attackers aren't being especially creative when it comes to distributing the malware. Instead, they're using traditional phishing campaigns and social engineering, added Patrick.

This is thought to be a good thing, though, because it's generally harder to launch a mass attack through these means. However, Patrick explained that 59 antivirus programmes are unable to detect the malware right now.