
OSX/MaMi

Posted: January 23, 2019

OSX/MaMi is a browser hijacker that edits your DNS settings to alter your Web-browsing experience in harmful ways. OSX/MaMi also includes other features suited to backdoor and spyware-related attacks, which can give a remote attacker access to both the PC and its information. Users of Mac systems should have appropriate anti-malware applications protect their machines and block or uninstall OSX/MaMi when such actions are needed.

A Safari Browsing Experience with a Little Extra

Most of the considerable noise made around variants of DNSChanger concerns threats to Windows computers. However, OS X and other Mac-based environments aren't entirely safe. OSX/MaMi provides more than 'just' a harmfully edited browsing experience: it also supports other attacks of general use to criminals interested in the contents of their victims' PCs and other devices.

OSX/MaMi hijacks the local DNS settings for overall purposes that malware experts have yet to confirm. Such attacks are equally capable of redirecting the Web browser to a corrupted site (such as a fake bank login page), inserting advertisements for revenue generation, or injecting scripts that load drive-by-downloads or mine cryptocurrency. Infections have some rate of correspondence with the presence of Potentially Unwanted Programs (PUPs) and adware, and OSX/MaMi's installer may be bundling itself with other products that the victim installs intentionally.

Besides its flexible browser-hijacker feature, OSX/MaMi includes multiple functions that malware experts deem to be of even greater security concern:

  • The Trojan may take captures of the screen, which is a commonplace feature for collecting information.
  • OSX/MaMi can issue various system commands; for example, it could open a file or delete backups.
  • OSX/MaMi may both upload the user's files to another server and download new ones (for purposes such as dropping new threats).
  • The program also includes a mouse input feature that could be for simulating advertising traffic (which could give the click revenue to the threat actor) or granting a remote attacker improved UI access.

The overall conclusion is that OSX/MaMi is relatively straightforwardly coded but also a versatile tool for performing different crimes and attacks.

A PC Security Deal that's Better than Any Coupon

The coexistence of OSX/MaMi alongside 'MyCoupon' Mac-based adware may or may not be significant, and malware researchers have yet to confirm a statistical correlation between the two threats. While the investigation into its infection methods moves forward, Mac users should continue avoiding unsafe websites and file-sharing networks for their downloads, as well as scan any new files before opening them. OSX/MaMi makes few efforts to disguise its executable, and current samples lack even a fake signature.

The early reports of OSX/MaMi's campaign coincided with severely inadequate detection rates of the threat by the AV industry. However, updates over the past few days up to this article's publication date have improved the heuristics for identifying the browser hijacker, raising detection to roughly fifty percent on an industry-wide basis. In addition to having a competent anti-malware tool uninstall OSX/MaMi, victims may also need to implement other solutions, and malware experts especially suggest double-checking the Hosts settings for tampering.
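One way to carry out the DNS and Hosts check suggested above, as an added example that is not part of the original article. The function names, the allow-list and every sample address are constructed for illustration (documentation-range IPs); the resolver input is assumed to be in the format printed by `scutil --dns`.

```shell
#!/bin/sh
# Added example (not from the article): helper names and sample data are constructed.

# Read a hosts file on stdin and print every mapping to a name other than the
# stock macOS entries (localhost, broadcasthost). Comments and blanks are skipped.
audit_hosts() {
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        { for (i = 2; i <= NF; i++)
              if ($i != "localhost" && $i != "broadcasthost") print $1 " -> " $i }
    '
}

# Read `scutil --dns` style text on stdin and print each unique nameserver
# that is missing from the space-separated allow-list passed as $1.
audit_resolvers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            if (!($3 in ok) && !seen[$3]++) print $3
        }
    '
}

# Constructed hosts file: three stock entries plus one tampered mapping.
sample_hosts() { cat <<'EOF'
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10    login.bank.example   # constructed tampered entry
EOF
}

# Constructed resolver listing: 192.0.2.1 is the expected router resolver.
sample_dns() { cat <<'EOF'
resolver #1
  nameserver[0] : 192.0.2.1
  nameserver[1] : 198.51.100.53
  if_index : 6 (en0)
resolver #2
  nameserver[0] : 198.51.100.53
EOF
}

sample_hosts | audit_hosts
sample_dns | audit_resolvers "192.0.2.1"
```

On a Mac, feed the functions live data with `audit_hosts < /etc/hosts` and `scutil --dns | audit_resolvers "<expected resolvers>"`; any line printed is an entry to investigate.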

OSX/MaMi could be a gateway to something as simple as advertising fraud or a campaign as complex as hijacking Mac users' bank accounts. There may be more to find out about this threat, but, hopefully, the knowledge will not come at the cost of the public's safety or privacy.
