By changing the DNS addresses, it redirects traffic through its own servers, where it can collect various information from the computer.

“OSX/MaMi isn’t particularly advanced – but does alter infected systems in rather nasty and persistent ways,” Wardle writes.
“By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads)” or to insert cryptocurrency mining scripts into web pages.
Furthermore the malware’s reach is said to extend to things such as generating mouse events, taking screenshots, and more:

  • Taking screenshots
  • Generating simulated mouse events
  • Perhaps persists as a launch item (programArguments, runAtLoad)
  • Downloading & uploading files
  • Executing commands
The following DNS settings need to be checked, since antivirus software still does not detect the malware mentioned.
Currently, you can check to make sure you aren’t affected by launching System Preferences, heading into the Network menu, choosing “Advanced” and toggling over to the DNS menu. On that menu, keep an eye out for 82.163.143.135 and 82.163.142.137.
News source: https://9to5mac.com/2018/01/15/macos...cking-malware/
Finding the DNS addresses on the computer is also described in more detail here: https://thehackernews.com/2018/01/ma...acker.html?m=1
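
The same DNS check can be run from Terminal instead of System Preferences. This is an added example, not part of the original post or the linked articles. It assumes the `nameserver[N] : <ip>` line format printed by macOS's `scutil --dns`; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# The two DNS servers named in the post as set by OSX/MaMi.
MAMI_DNS="82.163.143.135 82.163.142.137"

# find_rogue_dns (hypothetical helper): reads resolver configuration text on
# stdin, prints each listed rogue server once, in order of appearance.
# Exit status 0 if at least one was found, 1 otherwise.
# Matching is per whitespace-separated field, so 182.163.143.135 is not a hit.
find_rogue_dns() {
    awk -v bad="$MAMI_DNS" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) rogue[b[i]] = 1 }
        {
            for (f = 1; f <= NF; f++)
                if (($f in rogue) && !seen[$f]++) { print $f; hits++ }
        }
        END { exit (hits ? 0 : 1) }
    '
}

# Constructed sample of `scutil --dns` output (not captured from a real host).
sample_infected() {
    cat <<'EOF'
resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 4 (en0)
resolver #2
  nameserver[0] : 182.163.143.135
EOF
}

# On macOS, check the resolvers currently in effect.
if command -v scutil >/dev/null 2>&1; then
    if found=$(scutil --dns | find_rogue_dns); then
        echo "WARNING: OSX/MaMi DNS server(s) configured:"
        echo "$found"
    else
        echo "No OSX/MaMi DNS servers in the active resolver configuration."
    fi
fi
```

A clean result only means these two addresses are not set as resolvers; it does not cover the root certificate the quoted text mentions.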