Author Topic: DNS changing Malware affects Mac users  (Read 1298 times)

xairbusdriver

  • Storm
  • *****
  • Posts: 3126
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.15.7/WC 3.0.5
DNS changing Malware affects Mac users
« on: January 23, 2018, 04:46:33 PM »
Quote from: TidBITS
OSX/MaMi hijacks macOS?s DNS settings to intercept traffic by routing it through malicious servers...But unless you did something to bypass macOS?s Gatekeeper security, you likely have nothing to worry about since the malware?s executable isn?t signed by Apple.
Quote from: Hacker News
Patrick [Wardle] believes that the attackers could be using lame methods like malicious emails, web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.
Open System Prefs->Network. Click "Advanced" and then the "DNS" tab. Look for:
    82.163.143.135
    82.163.142.137
If you find those IP addresses, you have been infected by the malware. Currently no fix, but you can at least delete those two addresses.
I failed to mention the need to check all your internet access methods: WiFi, Ethernet, etc. WiFi usually has the modem address, 10.0.0.xxx.
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system


elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 6494
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Thanks for the head's up. (Re: DNS changing Malware affects Mac users)
« Reply #1 on: January 23, 2018, 11:03:39 PM »
Dear X-Air and WeatherCat sys-admins,

Thanks for the head's up.  Indeed most of us are safe from this malware, and sure enough, I double-checked our home network and all is safe and sound.

Cheers, Edouard