Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals

ExtraBITS for 22 January 2018

In ExtraBITS this week, Apple has been hit by a double dose of bad: a new form of DNS hijacking malware that targets the Mac and another crashing link bug for Messages in both macOS and iOS.

Mysterious DNS Hijacking Malware Targets Mac Users — A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, including taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, author, and how OSX/MaMi is spread are currently unknown, and when the Hacker News article was published, antivirus apps
weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple.

Read/post comments

Messages App Plagued by Another Crashing Link Bug — Twitter user Abraham Masri has discovered a Web link that, when opened in the Messages app on iOS or macOS, causes freezing, crashing, battery issues, and other nasty behavior. This isn’t the first time that a rogue link or piece of text has broken one of Apple’s apps. Apple will likely release a fix soon.

Read/post comments

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.