A new piece of malware called MaMi is targeting users of Mac OS X. This particular piece of malicious software is what’s known as a DNS hijacker.
The malware appears to be hosted on a number of different sites and may be connected to a program called MyCoupon.
At first, most antivirus programs did not recognize or detect the malware, which security researcher Patrick Wardle says is a reworking of an old piece of Windows malware. It’s believed to get onto your Mac in the usual way, arriving in emails or when you click on unsafe links.
As he dug down into the malware, Wardle discovered it was capable of taking screenshots, generating simulated mouse events, executing commands, and downloading and uploading files. Definitely something you don’t want happening on your Mac without your consent.
Here’s how to tell if you’ve been affected. Click the Apple icon and choose System Preferences.
Then choose Network.
Select your network, then click Advanced.
Then click the DNS tab and look at the DNS Servers list. If you see either 220.127.116.11 or 18.104.22.168 listed as a DNS server, you’ve been hijacked.
To get rid of it, you’ll need to reset your DNS Server. Click on the unwanted DNS servers and then select the minus button at the bottom of the window. Then choose OK.
The malware will also have installed a security certificate that you need to remove. Search for your Keychain Access app in the Finder and click on the result.
Then click System in the Keychain Access app.
Look for a certificate called cloudguard with a .me extension. Right-click on it and choose Delete from the pop-up menu.
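The same two checks can be scripted from Terminal. This is an added example, not part of the original article: it assumes the built-in macOS `networksetup` and `security` tools, the function names are hypothetical, and the addresses and certificate name are the ones given above.

```shell
#!/bin/sh
# Added example: scripted version of the manual DNS and certificate checks.
# Function names are hypothetical; addresses and certificate name are the article's.

# stdin: resolver addresses, one per line. Prints exact matches, exit 0 if any.
flag_hijacked_dns() {
    grep -Fx -e '220.127.116.11' -e '18.104.22.168'
}

# stdin: output of `security find-certificate`. Exit 0 if cloudguard.me is listed.
cert_listed() {
    grep -qi 'cloudguard\.me'
}

audit_mac() {
    # First line of the service list is a legend; a leading * marks a disabled service.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        networksetup -getdnsservers "$svc" | flag_hijacked_dns |
        while IFS= read -r ip; do
            printf 'Hijacked DNS server %s set on "%s"\n' "$ip" "$svc"
        done
    done
    if security find-certificate -a -c cloudguard \
        /Library/Keychains/System.keychain 2>/dev/null | cert_listed; then
        echo 'Certificate cloudguard.me found in the System keychain'
    fi
}

# Only run the live audit where the macOS tools exist.
if command -v networksetup >/dev/null 2>&1 && command -v security >/dev/null 2>&1; then
    audit_mac
fi
```

The script only reports what it finds; removing the DNS entries and the certificate is still done with the steps above.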
As antivirus and anti-malware software is updated to detect this malware, your third-party software may be able to remove it for you.