OSX/MaMi (DNSUnlocker)
Happy Aloha Friday Patrons! 2018 is barely two weeks old and already it looks like we've got a new piece of Mac malware :(

Yesterday afternoon I got a heads up on something that wasn't being flagged by any anti-virus products (on VirusTotal) but seemed possibly shady.

I spent the evening digging into it to confirm it was definitely malicious, and decided to blog about my findings. Read: "Ay MaMi - Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi". In short, the malware installs a malicious certificate and hijacks the DNS settings to redirect network traffic (perhaps to inject ads, or to sniff for credentials). It seems related to some Windows malware named DNSUnlocker.

The good news is, it's likely that in order to become infected, a Mac user has to be tricked into running some malicious code. Also, I pinged Apple so it's on their radar now too, and AV signatures are starting to trickle in.

If the malware does persist (it didn't in my VM), tools such as KnockKnock and BlockBlock will detect that. Also, LuLu (still in alpha) will detect the outgoing malicious traffic.

Mahalo for your ongoing support!

-patrick