OSX/MaMi – New macOS DNS Hijacking Malware

OSX/MaMi

Patrick Wardle, an Apple-focused security researcher, published a blog post detailing a stealthy DNS hijacker called “MaMi” that he found on macOS computers. The malware redirects the victim’s traffic through attacker-controlled DNS servers, where sensitive information can be intercepted. Wardle also found that version 1.1.0 of the malware carries features that are not yet activated: taking screenshots, downloading and uploading files or programs, and executing commands.

He speculated that this hijacker, like other Mac malware discovered in recent years, requires user interaction: its distributors commonly rely on deceptive buttons, such as fake Flash Player update prompts, to trick users into installing it unknowingly. For now this is only a guess at the delivery method; how “MaMi” actually infects Macs is not yet known.

Patrick said: “OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways.

By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads) or to insert cryptocurrency mining scripts into web pages.”

It is unclear exactly how many Macs MaMi affects. If you want to check whether your Mac is infected, open System Preferences, click Network and check the IP address of the configured DNS servers.

OSX/MaMi hijacks the DNS servers of victims’ Macs, pointing them to 82.163.143.135 and 82.163.142.137. If your Mac’s DNS settings were changed by this malware, change the DNS servers to Google DNS (8.8.8.8 or 8.8.4.4) or OpenDNS (208.67.222.222 or 208.67.220.220) to stop the traffic interception, and then use antivirus software to thoroughly check the computer again.
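The manual check above can be scripted. The following POSIX shell script is an added example, not code from the original post or from Wardle’s write-up: it collects the resolvers a Mac is actually using and compares them against the two MaMi addresses named in this article. The indicator list comes from the article; the use of scutil and networksetup assumes a macOS host, and the file name check_mami_dns.sh used for the run-directly guard is an assumption.

```shell
#!/bin/sh
# Known OSX/MaMi resolver addresses, taken from the write-up above.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Return 0 (clean) if none of the given DNS servers is a MaMi resolver,
# 1 (suspicious) otherwise; prints every matching address.
check_dns_servers() {
    hit=0
    for server in "$@"; do
        for bad in $MAMI_DNS; do
            if [ "$server" = "$bad" ]; then
                echo "MaMi resolver configured: $server"
                hit=1
            fi
        done
    done
    return $hit
}

# Collect the resolvers macOS is using. scutil prints them as
# "nameserver[0] : 1.2.3.4" lines; the per-service settings from
# networksetup are included too, so a hijack of a single network
# service is caught. (Assumes macOS; elsewhere the list is empty.)
current_dns_servers() {
    if command -v scutil >/dev/null 2>&1; then
        scutil --dns | awk '/nameserver\[[0-9]+\]/ { print $3 }'
    fi
    if command -v networksetup >/dev/null 2>&1; then
        # First line of -listallnetworkservices is an explanatory header.
        networksetup -listallnetworkservices | tail -n +2 | while read -r svc; do
            networksetup -getdnsservers "$svc" 2>/dev/null | grep -E '^[0-9.]+$'
        done
    fi
}

# Run the live check only when executed directly under the assumed
# file name (not when sourced for testing).
if [ "$(basename -- "$0")" = "check_mami_dns.sh" ]; then
    # shellcheck disable=SC2046
    if check_dns_servers $(current_dns_servers | sort -u); then
        echo "No OSX/MaMi DNS indicators found."
    else
        exit 1
    fi
fi
```

A non-zero exit status means at least one configured resolver matches the MaMi indicators, which is the cue to reset the DNS servers as described above and run a full malware scan.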

Reference: objective-see