Undetectable Malware Hijacks macOS DNS
A new, undetectable malware is hijacking DNS settings on macOS, according to The Hacker News.
The specific purpose of the DNS hijack is not yet known, though the old standbys of MITM redirects, credential interception, certificate theft and (more recently) crypto-mining are all possibilities. The malware appears to have been detected in a very early state: researchers report that several other capabilities are built into the malware but not yet activated, including the ability to take screenshots, transfer files and execute commands.
The DNS IPs that the malware uses (22.214.171.124 and 126.96.36.199) appear to be static IPs hosted in Israel.
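A defender can compare a Mac's configured resolvers against the addresses above. The following is an added example, not code from the article or the researchers: it parses `scutil --dns` output and reports resolvers that match an indicator or fall outside an allowlist. The indicator addresses are copied as printed on this page; the sample output and the `192.168.1.1` allowlist entry are constructed.

```python
import ipaddress
import re
import subprocess

# DNS server addresses exactly as listed on this page.
REPORTED_DNS = {"22.214.171.124", "126.96.36.199"}

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def parse_nameservers(scutil_output):
    """Return the unique resolver addresses in `scutil --dns` output, in order."""
    seen = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        addr = raw.split("%", 1)[0]  # drop an IPv6 zone id such as %en0
        try:
            norm = str(ipaddress.ip_address(addr))
        except ValueError:
            continue  # not an IP literal, skip it
        if norm not in seen:
            seen.append(norm)
    return seen

def audit(scutil_output, indicators=REPORTED_DNS, expected=()):
    """'flagged' resolvers match an indicator; 'unexpected' ones are outside
    the allowlist (only evaluated when an allowlist is supplied)."""
    bad = {str(ipaddress.ip_address(i)) for i in indicators}
    ok = {str(ipaddress.ip_address(e)) for e in expected}
    servers = parse_nameservers(scutil_output)
    return {
        "flagged": [s for s in servers if s in bad],
        "unexpected": [s for s in servers if ok and s not in ok and s not in bad],
    }

# Constructed sample output, not captured from a real host.
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 22.214.171.124
  nameserver[1] : 126.96.36.199
  if_index : 6 (en0)
"""

if __name__ == "__main__":
    try:  # on macOS read the live configuration, elsewhere use the sample
        out = subprocess.run(["scutil", "--dns"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE
    print(audit(out, expected={"192.168.1.1"}))
```

A non-empty `flagged` list means a resolver matches one of the listed addresses; `unexpected` entries are only worth triage against what the network's DHCP or MDM profile is supposed to hand out.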