(Trojan.Mac.Dnscha.f, Mac.DnsChange.2, MacOSX/DNS.E)
Increased network activity.
Suspicious websites when browsing the internet.
Please let BitDefender disinfect your files.
Daniel RADU, Senior Virus Researcher
This malware comes usually in the form of disk image for a keygenerator/crack for various applications.
Once mounted the image shows an installer package which contains a malicious bash script.
Upon execution it modifies the system's Domain Name System (DNS) settings to use :
, which means that the attackers could use those dns servers to deliver malware, ads to the infected computer.
It adds a crontab entry that is set to execute a a file named
* %System Root%/Library/Internet Plug-Ins/plugins.settings,
which is just a copy of the malicious bash script.