macOS DNS hi-jacker

Patrick Wardle: Ay MaMi - Analyzing a New macOS DNS Hijacker: OSX/MaMi.

Analysis of malware Patrick calls OSX/MaMi. Irritatingly, he presents hashes as screendumps rather than text, but if I have transcribed it correctly it’s SHA-256 5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571, detected at time of writing by 28 out of 58 engines, according to VirusTotal.

NB: VT doesn’t use all the functionality of the engines it uses, so it’s possible that some other engines will block/detect it even though they aren’t yet listed there, but the figures do at least give some idea of how many products have added detection since Patrick originally checked.

David Harley

This is a Security Bloggers Network syndicated blog post authored by David Harley. Read the original post at: Mac Virus