Mac Attack: new bug targets Mac OS X

A new piece of malware called MaMi is targeting users of Mac OS X. This particular piece of malicious software is what’s known as a DNS hijacker.

The malware appears to be hosted on a number of different sites and may be connected to a program called MyCoupon.

At first, most antivirus programs did not appear to detect the malware, which security researcher Patrick Wardle says is a reworking of an old piece of Windows malware. It’s believed to get onto your Mac in the usual ways: arriving in emails or when you click on unsafe links.

As he dug down into the malware, Wardle discovered it was capable of taking screenshots, generating simulated mouse events, executing commands, and downloading and uploading files. That is definitely something you don’t want happening on your Mac without your consent.

Here’s how to tell if you’ve been affected. Click the Apple icon and choose System Preferences:


Then choose Network.


Select your network, then click Advanced.


Then click the DNS tab and look at the DNS servers listed. If you see either 82.163.143.135 or 82.163.142.137 as the DNS, you’ve been hijacked.


To get rid of it, you’ll need to reset your DNS Server. Click on the unwanted DNS servers and then select the minus button at the bottom of the window. Then choose OK.


The malware will also have installed a security certificate that you need to remove. Search for the Keychain Access app in the Finder and click on the result.


Then click System in the Keychain Access app.


Look for a certificate called cloudguard with a .me extension. Right-click on it and choose Delete from the pop-up menu.
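
The same two checks can also be run from Terminal. The script below is an added example, not part of the original article; it assumes the stock macOS `scutil` and `security` tools and the System keychain at /Library/Keychains/System.keychain, and it only reads settings without changing anything.

```shell
#!/bin/sh
# Added example: look for the two DNS servers and the certificate named in
# this article. Read-only: it reports what it finds and changes nothing.

MAMI_DNS="82.163.143.135 82.163.142.137"   # addresses quoted in the article
MAMI_CERT="cloudguard.me"                  # certificate name from the article
SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"  # assumed default path

# Print each article-listed address that appears in the text on stdin.
# -F matches literally and -w matches whole tokens only, so an address
# such as 182.163.143.135 is not reported as a hit.
find_mami_dns() {
    input=$(cat)
    for ip in $MAMI_DNS; do
        if printf '%s\n' "$input" | grep -Fwq -- "$ip"; then
            printf '%s\n' "$ip"
        fi
    done
}

# Succeed if the certificate listing on stdin mentions the certificate name.
has_mami_cert() {
    grep -Fiq -- "$MAMI_CERT"
}

# Run the live checks only where the macOS tools exist.
run_checks() {
    command -v scutil >/dev/null 2>&1 || {
        echo "scutil not found (not macOS): skipping live checks"
        return 0
    }
    hits=$(scutil --dns | find_mami_dns)
    if [ -n "$hits" ]; then
        echo "Hijacked DNS server(s) configured:"
        echo "$hits"
    else
        echo "DNS: neither listed address is configured"
    fi
    if security find-certificate -a "$SYSTEM_KEYCHAIN" 2>/dev/null | has_mami_cert; then
        echo "Certificate $MAMI_CERT is present in the System keychain"
    else
        echo "Certificate $MAMI_CERT not found in the System keychain"
    fi
}

run_checks
```

If either check reports a hit, follow the removal steps above.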

As antivirus and anti-malware software is updated to find this bug, your third-party software may be able to remove it for you.

 

 

 
