Yesterday afternoon I got a heads up on something that wasn't being flagged by any anti-virus products (on VirusTotal) but seemed possibly shady.
Spent the evening digging into it to confirm it was definitely malicious, and decided to blog about my findings. Read: "Ay MaMi - Analyzing a (new?) macOS DNS Hijacker: OSX/MaMi". In short, the malware will install a malicious certificate and hijack DNS settings to redirect network traffic (perhaps to inject ads, or sniff for credentials). It seems related to some Windows malware named DNSUnlocker.
The good news is, it's likely that in order to become infected a Mac user has to be tricked into running some malicious code. Also, I pinged Apple so it's on their radar now too, and AV signatures are starting to trickle in.
If the malware does persist (it didn't in my VM), tools such as KnockKnock and BlockBlock will detect that. Also LuLu (still in alpha) will detect the outgoing malicious traffic.
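Since the malware's main effect is changing the Mac's DNS settings, a simple defender-side check is to compare the resolvers configured on each network service against the ones you expect. The script below is an added example written for this post, not code from the blog or from Objective-See's tools: it parses the text that `networksetup -getdnsservers <service>` prints (the `SAMPLE_OUTPUT` dictionary is constructed to mimic that output for a hypothetical Mac) and flags any resolver not on a constructed allowlist. The `live_dns_outputs()` helper assumes it is run on macOS with `networksetup` on the PATH; the audit logic itself runs anywhere.

```python
import ipaddress
import subprocess
from typing import Dict, Iterable, List

# Constructed sample of what `networksetup -getdnsservers <service>` prints
# for three services on a hypothetical Mac. Not real captured data.
SAMPLE_OUTPUT = {
    "Wi-Fi": "192.0.2.10\n192.0.2.11\n",                       # two unknown resolvers
    "Ethernet": "There aren't any DNS Servers set on Ethernet.\n",  # DHCP-assigned
    "Thunderbolt Bridge": "1.1.1.1\n",                          # expected resolver
}

# Resolvers the organisation expects to see statically configured (constructed allowlist).
EXPECTED_RESOLVERS = {"1.1.1.1", "1.0.0.1", "9.9.9.9"}


def parse_dns_servers(output: str) -> List[str]:
    """Return the statically configured resolvers found in networksetup output.

    A service with no static resolvers (DHCP-assigned) yields an empty list,
    because its output is an informational sentence rather than IP addresses.
    """
    servers = []
    for line in output.splitlines():
        line = line.strip()
        try:
            servers.append(str(ipaddress.ip_address(line)))
        except ValueError:
            continue  # not an IP address, e.g. "There aren't any DNS Servers set on ..."
    return servers


def audit_dns(outputs: Dict[str, str], allowlist: Iterable[str]) -> Dict[str, List[str]]:
    """Map each network service to the resolvers that are not on the allowlist.

    Services whose resolvers are all expected (or that have none) are omitted,
    so an empty dictionary means nothing suspicious was found.
    """
    allowed = set(allowlist)
    findings: Dict[str, List[str]] = {}
    for service, output in outputs.items():
        unexpected = [s for s in parse_dns_servers(output) if s not in allowed]
        if unexpected:
            findings[service] = unexpected
    return findings


def live_dns_outputs() -> Dict[str, str]:
    """Collect real per-service output on a Mac (assumes macOS and networksetup on PATH)."""
    listing = subprocess.run(["networksetup", "-listallnetworkservices"],
                             capture_output=True, text=True, check=True).stdout
    result: Dict[str, str] = {}
    # The first line is an explanatory header; disabled services are prefixed with '*'.
    for name in listing.splitlines()[1:]:
        name = name.lstrip("*").strip()
        if not name:
            continue
        out = subprocess.run(["networksetup", "-getdnsservers", name],
                             capture_output=True, text=True).stdout
        result[name] = out
    return result


if __name__ == "__main__":
    # Swap SAMPLE_OUTPUT for live_dns_outputs() to audit the machine you are on.
    for service, resolvers in audit_dns(SAMPLE_OUTPUT, EXPECTED_RESOLVERS).items():
        print(f"[!] {service}: unexpected resolver(s) {', '.join(resolvers)}")
```

Run against the sample data it reports only the Wi-Fi service; on a real machine any hit is worth a closer look, since user-installed DNS changes and a hijack look identical at this layer and the difference is whether you made the change yourself.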
Mahalo for your on-going support!