Author Topic: DNS changing Malware affects Mac users  (Read 249 times)

xairbusdriver

DNS changing Malware affects Mac users
« on: January 23, 2018, 04:46:33 PM »
Quote from: TidBITS
OSX/MaMi hijacks macOS's DNS settings to intercept traffic by routing it through malicious servers...But unless you did something to bypass macOS's Gatekeeper security, you likely have nothing to worry about since the malware's executable isn't signed by Apple.
Quote from: Hacker News
Patrick [Wardle] believes that the attackers could be using lame methods like malicious emails, web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.
Open System Prefs->Network. Click "Advanced" and then the "DNS" tab. Look for:
    82.163.143.135
    82.163.142.137
If you find those IP addresses, you have been infected by the malware. Currently no fix, but you can at least delete those two addresses.
I failed to mention the need to check all your internet access methods: WiFi, Ethernet, etc. WiFi usually has the modem address, 10.0.0.xxx.
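
The check described in the post above, as an added example that is not part of the original post: it uses the macOS `networksetup` command to look for the two listed addresses on every network service rather than only the active one. The function names `find_rogue_dns` and `scan_all_services` are made up for this sketch, and on a non-macOS machine it runs the matcher on a constructed sample instead.

```shell
#!/bin/sh
# Added example: look for the two DNS servers named in the post on every
# macOS network service (Wi-Fi, Ethernet, ...), not just the active one.
MAMI_DNS="82.163.143.135 82.163.142.137"   # addresses quoted in the post

# Reads `networksetup -getdnsservers <service>` output on stdin, prints each
# listed server that matches, and returns 0 only if at least one matched.
find_rogue_dns() {
    rc=1
    while IFS= read -r line || [ -n "$line" ]; do
        for ip in $MAMI_DNS; do
            if [ "$line" = "$ip" ]; then
                printf '%s\n' "$ip"
                rc=0
            fi
        done
    done
    return "$rc"
}

# Walks every service; the first line of -listallnetworkservices is a legend
# and disabled services carry a leading '*', so both are stripped.
scan_all_services() {
    hits=$(networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
        while IFS= read -r svc; do
            rogue=$(networksetup -getdnsservers "$svc" </dev/null | find_rogue_dns) || continue
            for ip in $rogue; do printf '%s: %s\n' "$svc" "$ip"; done
        done)
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; return 0; fi
    return 1
}

if command -v networksetup >/dev/null 2>&1; then
    if scan_all_services; then
        echo "WARNING: DNS servers from the post are configured (see above)"
    else
        echo "None of the listed DNS servers are configured on any service"
    fi
else
    # Not macOS: run the matcher on constructed sample output instead.
    printf '82.163.143.135\n10.0.0.1\n' | find_rogue_dns || true
fi
```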

elagache

Thanks for the heads-up. (Re: DNS changing Malware affects Mac users)
« Reply #1 on: January 23, 2018, 11:03:39 PM »
Dear X-Air and WeatherCat sys-admins,

Thanks for the heads-up. Indeed most of us are safe from this malware, and sure enough, I double-checked our home network and all is safe and sound.

Cheers, Edouard