
Analyzing a New MacOS DNS Hijacker: OS X/MaMi - Aaronn
https://objective-see.com/blog/blog_0x26.html
======
tinus_hn
It’s unsigned so the only way to run this is by bypassing the blocks on
unsigned code and then dismissing the warning you get. But you can be sure
this is going to be presented as the next MacOS virus that will infect your
machine automatically when you click on a link in an email.

------
Rjevski
I will disagree on the "how do I disinfect myself" part - the only way to
recover from this is to nuke the machine and consider all data it held
compromised.

If this malware found its way onto your machine there's a good chance other,
much nastier malware could've done so as well, not to mention this malware
having functions for running arbitrary AppleScript & shell commands and so can
fully compromise your machine.

~~~
guitarbill
> Q: How do I disinfect myself?

> A: Often malware can install other malware, or allow a remote attacker to
> do whatever they want. Thus if you were/are infected it's suggested you
> fully re-install macOS. However, you can probably get away with simply
> resetting the DNS servers and deleting the malicious certificate.

So you pretty much agree with most of what he said (in a very succinct
fashion), except his advice is based on research and yours seems to be based
solely on dogma?

------
Aaronn
9to5mac article on this: [https://9to5mac.com/2018/01/15/macos-dns-hijacking-malware/](https://9to5mac.com/2018/01/15/macos-dns-hijacking-malware/)

