
The Snake Malware is Now Targeting Mac.


The story of the “Snake” malware is an old one: it is a well-known Windows backdoor. Now this malware has made its way to the Mac. Snake was first found on Windows back in 2008, from where it was ported to Linux systems, and now it has hit the Mac.

Disguised as an Adobe Flash Player installer, the malware is difficult to spot. It had a valid developer certificate and was set to run on macOS with Gatekeeper enabled.

The malware does actually install Adobe Flash Player, but along with the player it also installs malware which is dangerous for macOS. On macOS, the malware is delivered through a .zip file. The file is legitimate but contains a backdoored version of Adobe Flash Player, which lets the malware enter the OS without any hurdle.

However, security firm Fox-IT has observed a new variant of Snake aimed at macOS systems, looking to steal sensitive data from the likes of government and corporate MacBooks around the world.

“Researchers who have previously analyzed compromises where Snake was used have attributed the attacks to Russia. Compared to other prolific attackers with alleged ties to Russia…Snake’s code is significantly more sophisticated, its infrastructure more complex and targets more carefully selected”.

Fake Flash

The security company found the malware as a fake Adobe Flash Player installer that contains a backdoor to access the machine it’s installed on, and it uses a valid (probably stolen) developer certificate from Apple, meaning it can get around the operating system’s security checks.

This isn’t the first Mac malware we’ve seen perform this trick; far from it. At the beginning of this week there was the Dok Trojan, and back in March we had the Proton malware, both of which managed to conceal themselves with proper code-signed signatures from Apple, enabling their fake installers to avoid being blocked by your system.

As ever it pays to be very careful about the source of your downloads, and about what you install on your PC, whether it’s a Windows, Mac or Linux machine.

“Snake” malware

To check whether your system is infected by the malware, you need to run a scan with Malwarebytes for Mac. Malwarebytes will detect the malware and remove it.

The malware can also be detected manually. It installs the following components on your system:

  • /Library/Scripts/queue
  • /Library/Scripts/installdp
  • /Library/Scripts/installd.sh
  • /Library/LaunchDaemons/com.adobe.update.plist
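
The manual check above can be scripted. The following is an added example, not code from the article or from Fox-IT: it tests for the four listed paths and prints the file details of any that exist. The function name and the optional root argument (for checking a mounted disk image or backup instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the four Snake components named in the article.
# Argument 1 (assumption of this example): root to scan, "/" for the live
# system or the mount point of a disk image or backup being triaged.

# Prints every listed path found under the root with its `ls -ld` details.
# Returns 0 when none of the components is present, 1 when at least one is.
snake_ioc_scan() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", "/Volumes/img/" becomes "/Volumes/img"
    hits=0
    for p in \
        /Library/Scripts/queue \
        /Library/Scripts/installdp \
        /Library/Scripts/installd.sh \
        /Library/LaunchDaemons/com.adobe.update.plist
    do
        target="$root$p"
        # -e is false for a dangling symlink, so also test -L
        if [ -e "$target" ] || [ -L "$target" ]; then
            hits=$((hits + 1))
            echo "FOUND $target"
            ls -ld "$target"    # owner, size and timestamp for the incident notes
        fi
    done
    echo "$hits of 4 listed components present under ${root:-/}"
    [ "$hits" -eq 0 ]
}

# Run the scan when the script is given a root, e.g.: sh snake_check.sh /
if [ "$#" -gt 0 ]; then
    snake_ioc_scan "$1"
fi
```

A clean result only means these four paths are absent; it says nothing about other variants.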

Source: Techradar
