Posted by: David Harley | January 20, 2018

macOS DNS hi-jacker

Patrick Wardle: Ay MaMi - Analyzing a New macOS DNS Hijacker: OSX/MaMi.

Analysis of malware Patrick calls OSX/MaMi. Irritatingly, he presents hashes as screendumps rather than text, but if I have transcribed it correctly it’s SHA-256 5586be30d505216bdc912605481f9c8c7bfd52748f66c5e212160f6b31fd8571, detected at time of writing by 28 out of 58 engines, according to VirusTotal.

NB: VT doesn’t use all the functionality of the engines it uses, so it’s possible that some other engines will block/detect it even though they aren’t yet listed there, but the figures do at least give some idea of how many products have added detection since Patrick originally checked.

David Harley
