Undetectable Malware Hijacks macOS DNS

A new, so far undetected malware is hijacking DNS settings on macOS, according to The Hacker News.

As yet it is unknown what the specific purpose of the DNS hijack is, though the old standbys of MITM redirects, credential interception, certificate theft and (more recently) crypto-mining are all possibilities. The malware appears to have been caught at a very early stage: researchers report that several other capabilities are built into the malware but not yet activated, including the ability to take screenshots, transfer files and execute commands.

The DNS IPs that the malware uses (82.163.142.137 and 82.163.143.135) appear to be static IPs hosted in Israel.

The Hacker News suggests Mac users check their DNS settings for changes and install an application layer firewall (like LuLu) to block suspicious activity.
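To go with that advice, here is an added audit script (example code, not from the article or from The Hacker News) that flags the two resolver addresses named above and anything outside an allow-list; the allow-list, and the use of networksetup and scutil for live collection on macOS, are assumptions about your environment.

```shell
#!/bin/sh
# Added example: audit configured DNS resolvers against the two addresses the
# article names and against an assumed allow-list for your fleet.

# Resolver addresses reported in the article.
SUSPECT_DNS="82.163.142.137 82.163.143.135"
# Hypothetical allow-list; override with ALLOWED_DNS="..." in the environment.
ALLOWED_DNS="${ALLOWED_DNS:-1.1.1.1 8.8.8.8}"

# classify_dns ADDRESS -> prints "suspect", "allowed" or "unknown".
classify_dns() {
    addr=$1
    for s in $SUSPECT_DNS; do
        [ "$addr" = "$s" ] && { echo suspect; return 0; }
    done
    for a in $ALLOWED_DNS; do
        [ "$addr" = "$a" ] && { echo allowed; return 0; }
    done
    echo unknown
}

# audit_dns_list reads one resolver address per line on stdin, prints
# "<verdict> <address>" per line, and returns 1 if any suspect address is seen.
audit_dns_list() {
    rc=0
    while IFS= read -r line; do
        addr=$(printf '%s\n' "$line" | tr -d ' \t')
        [ -z "$addr" ] && continue
        verdict=$(classify_dns "$addr")
        printf '%s %s\n' "$verdict" "$addr"
        [ "$verdict" = suspect ] && rc=1
    done
    return $rc
}

# Live collection on macOS: per-service resolvers from networksetup plus the
# effective resolvers reported by scutil (assumed tooling, only run on Darwin).
collect_macos_dns() {
    networksetup -listallnetworkservices 2>/dev/null | tail -n +2 |
    while IFS= read -r svc; do
        networksetup -getdnsservers "$svc" 2>/dev/null
    done | grep -E '^[0-9]+(\.[0-9]+){3}$'
    scutil --dns 2>/dev/null | awk '/nameserver\[/ {print $3}'
}

if [ "$(uname)" = Darwin ]; then
    collect_macos_dns | sort -u | audit_dns_list
fi
```

A non-zero exit means at least one of the article's resolver addresses is configured; "unknown" lines are resolvers you did not allow-list and should still review.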