By GoldSparrow in Mac Malware, Trojans

OSX/MaMi is a browser hijacker. It hijacks DNS resolution, which forces the victims' computers to connect to unwanted websites. OSX/MaMi targets computers running Mac OS. It was first observed in January 2018 and seemed to be distributed through pop-up messages advertising bogus anti-virus software and fake Web browser updates. OSX/MaMi changes the infected computer's Internet access configuration to route the victim's online activities through the criminals' servers. This allows criminals to intercept the victim's data or redirect the victim's computer to corrupted or potentially unsafe websites.

What Makes OSX/MaMi Unsafe?

OSX/MaMi lacks a digital signature and installs a root certificate titled 'cloudguard.me' associated with the company 'GreenTeam Internet, Ltd.' OSX/MaMi changes the victim's DNS configuration to the following DNS servers:

OSX/MaMi is also often associated with a backdoor and spyware component, which may allow these criminals to take control of the infected computers or automatically gain access to data on them. OSX/MaMi is not particularly sophisticated and is nearly identical to countless other threats, but it does pose a special threat because of the relative lack of threats that exclusively target computers running Mac OS.

How OSX/MaMi Enters a Computer

At this time it is not certain whether there is one particular way in which OSX/MaMi is being distributed. Threats like OSX/MaMi are commonly delivered through malicious emails, online pop-ups or social engineering attacks. Taking precautions online and learning to disregard potentially unsafe content is essential to avoid threats like OSX/MaMi. Once OSX/MaMi has been installed, the criminals can carry out a variety of tactics. The most common use of browser hijackers like OSX/MaMi is to take control of the victim's computer and force it to visit websites containing compromised content, advertisements and other unwanted data. Threats like OSX/MaMi can also take over a computer and allow criminals to intercept private communications, such as online banking data, or carry out phishing attacks or similar tactics designed to take control of the victim's finances or other data.

Recognizing an OSX/MaMi Infection

If your computer's DNS settings have been changed to and, then it is certain that your computer has been infected. This can be checked via the terminal or through the Network pane in the computer's preferences. The corrupted certificate linked to OSX/MaMi, which will appear in the System Keychain, is also a certain sign that your device has been infected with OSX/MaMi. OSX/MaMi typically delivers other malware in its attack, so just resetting the DNS servers and deleting content associated with OSX/MaMi may not be enough to make sure that your computer is completely safe. It may be necessary to reinstall your operating system and perform full scans of your computer with a reliable, fully updated anti-malware program.
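The terminal check described above, as an added example that is not part of the original article: it lists configured DNS resolvers that are not on your own known-good list and looks for the 'cloudguard.me' certificate in the System keychain. The function names and the `EXPECTED_DNS` variable are hypothetical, and the addresses shown are constructed placeholders that you replace with the resolvers your network actually uses.

```shell
#!/bin/sh
# Added example: triage for the two indicators this page describes.
# Assumption: EXPECTED_DNS holds the resolvers you know are correct for this
# Mac; the default below is a constructed placeholder, not a real value.
EXPECTED_DNS="${EXPECTED_DNS:-192.0.2.53 192.0.2.54}"

# Read `scutil --dns` output on stdin and print every configured resolver
# that is not in the space-separated allow-list given as $1.
unexpected_dns() {
    allowed=" $1 "
    awk '$1 ~ /^nameserver\[/ && $2 == ":" { print $3 }' | sort -u |
    while read -r ip; do
        case "$allowed" in
            *" $ip "*) ;;                  # expected resolver
            *) printf '%s\n' "$ip" ;;      # anything else needs explaining
        esac
    done
}

# Read `security find-certificate -a` output on stdin; succeed if any
# certificate carries the label or alias cloudguard.me.
has_cloudguard_cert() {
    grep -Eiq '"(labl|alis)"<blob>="cloudguard\.me"'
}

# Constructed sample of `scutil --dns` output, used when not run on macOS.
SAMPLE_DNS='resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 198.51.100.7
  if_index : 6 (en0)'

if command -v scutil >/dev/null 2>&1 && command -v security >/dev/null 2>&1; then
    bad=$(scutil --dns | unexpected_dns "$EXPECTED_DNS")
    if security find-certificate -a -c cloudguard.me \
        /Library/Keychains/System.keychain 2>/dev/null | has_cloudguard_cert; then
        echo "cloudguard.me certificate present in the System keychain"
    fi
else
    bad=$(printf '%s\n' "$SAMPLE_DNS" | unexpected_dns "$EXPECTED_DNS")
fi
# $bad is left unquoted on purpose so each address is reported on its own line.
for ip in $bad; do echo "unexpected DNS resolver: $ip"; done
```

A resolver reported here is not proof of infection by itself (VPN clients and captive networks also change DNS), but any address you cannot account for warrants the follow-up steps above.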

Protecting Yourself from OSX/MaMi and Similar Threats

The vast majority of malware threats affect computers running the Windows operating system. The fact that OSX/MaMi targets Mac OS systems makes it especially threatening, since users of these systems are less likely to expect malware infections. One easy way to ensure that your computer is safe from threats like OSX/MaMi is to make sure that your computer's settings only allow the installation of certified software from secure developers. It is also necessary to use anti-malware or anti-virus software, which can help prevent threats like OSX/MaMi from gaining traction before they can cause any long-term damage. Regularly scanning your computer and taking precautions when downloading or accessing online content are important even for Mac OS users, who may mistakenly think that they are safe simply because their computer runs Mac OS.

