In addition to the confusing security gap reported by Deutsche Telekom bone 6, there is currently another security warning for networks. As security researcher Patrick Wardle shows on his blog, the malware called MaMi or OSX/MaMi can manipulate DNS settings and cause further damage. MaMi primarily attacks Apple Mac systems and the networks and servers built with them. The malware is said to be based on the Windows malware DNSUnlocker. I have summarized the details for you below.
The malware called MaMi is said to be able to change settings in the DNS (Domain Name System) area of Apple operating systems such as Mac OS X and macOS. The first reports of the threat are said to have been posted in the Malwarebytes forum, which Wardle used as a starting point for his investigation. Here are a few findings from the analysis of the "macOS DNS Hijacker":
OSX / MaMi is not very well developed - but it changes infected systems in a rather ugly and persistent way. By installing a new root certificate and hijacking the DNS server, the attacker can perform a number of malicious actions, such as man-in-the-middle actions in the traffic (to possibly steal authorizations or insert advertising). (Translation of the "Conclusions" from the blog post linked above)
How the malware spreads is currently unknown. It is nevertheless possible that the attackers use methods such as e-mails, web-based fake security warnings or pop-ups, or even social engineering attacks to target Mac users.
To check for an infection, look at the DNS settings and see whether they have been set to 22.214.171.124 and/or 126.96.36.199. Also check the system for the malicious cloudguard.me certificate.
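As an added example (not from the post, and not Wardle's or Malwarebytes' tooling), a small POSIX shell script that performs the two checks above on macOS: it reads the DNS servers of every network service with networksetup, searches the keychain with security find-certificate, and compares both against the indicator values quoted in this post. The two comparison functions take their input on stdin, so they can also be run against saved command output.

```shell
#!/bin/sh
# Indicator values exactly as quoted in the post above.
MAMI_DNS="22.214.171.124 126.96.36.199"
MAMI_CERT="cloudguard.me"

# check_dns_list: read DNS server addresses (one per line) from stdin and
# print every one that matches a MaMi indicator. Returns 0 on a hit, 1 otherwise.
check_dns_list() {
  hit=1
  while read -r addr; do
    for bad in $MAMI_DNS; do
      if [ "$addr" = "$bad" ]; then
        echo "MATCH: DNS server $addr is a MaMi indicator"
        hit=0
      fi
    done
  done
  return $hit
}

# check_cert_list: read 'security find-certificate' output from stdin and
# report whether a certificate carrying the MaMi name is present.
check_cert_list() {
  if grep -qF "$MAMI_CERT"; then
    echo "MATCH: a certificate named '$MAMI_CERT' is installed"
    return 0
  fi
  return 1
}

# scan_mac: run both checks live with networksetup(8) and security(1).
# On systems without networksetup (i.e. not macOS) the live scan is skipped.
scan_mac() {
  if ! command -v networksetup >/dev/null 2>&1; then
    echo "networksetup not found; live scan skipped"
    return 0
  fi
  # The first line of -listallnetworkservices is a legend; '*' marks disabled services.
  networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while read -r svc; do networksetup -getdnsservers "$svc"; done |
    check_dns_list || echo "no MaMi DNS servers configured"
  # -a lists every match, -c matches on the certificate name, -Z prints its hash.
  security find-certificate -a -c "$MAMI_CERT" -Z 2>/dev/null | check_cert_list ||
    echo "no $MAMI_CERT certificate in the default keychain search list"
}

scan_mac
```

networksetup only reports the servers configured per service; scutil --dns shows the resolvers actually in effect and is worth comparing against it.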
The safest way to remove the malware is to reinstall macOS. Once the malware has been on the system, it may have installed additional malware or given a third party access, so removing individual files, certificates, etc. does not help much on its own. Still, the first thing you should do is remove the files and reset the DNS servers.
Whether existing security tools catch it is uncertain, as MaMi is a relatively new threat. The blog entry linked at the beginning recommends tools that can detect and block outgoing traffic, so that a firewall can be set up to blunt such attacks.
The name does not derive from other malware such as DNSChanger; the malware was named after a core class called "SBMaMiSettings". Details can be found in Patrick Wardle's detailed write-up on the Objective-See blog.
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. He then decided to research and write instead, which led him to go freelance. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.