Patrick Wardle: Ay MaMi - Analyzing a New macOS DNS Hijacker: OSX/MaMi.
Analysis of malware Patrick calls OSX/MaMi. Irritatingly, he presents hashes as screendumps rather than text, but if I have transcribed it correctly it’s SHA-256 5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571, detected at time of writing by 28 out of 58 engines, according to VirusTotal.
NB: VT doesn’t use all the functionality of the engines it uses, so it’s possible that some other engines will block/detect it even though they aren’t yet listed there, but the figures do at least give some idea of how many products have added detection since Patrick originally checked.
*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: https://macviruscom.wordpress.com/2018/01/20/macos-dns-hi-jacker/