Windows 'Snake' Malware Ported to Mac, Imitates Adobe Flash Player Installer

[MacRumors]

Well-known Windows backdoor malware "Snake" has been ported to the Mac for the first time, according to MalwareBytes. Described as "highly-sophisticated," Snake (also called Turla and Uroburos) has been infecting Windows systems since 2008 and was ported to Linux systems in 2014 before making its way to the Mac.

The Snake malware was found earlier this week in an installer masquerading as Adobe Flash Player, buried inside a file named "Install Adobe Flash Player.app.zip." It is designed to look like a legitimate Adobe Flash installer, but is signed by an illegitimate certificate.

It does, actually, install Adobe Flash Player, but it is accompanied by additional software that is malicious and designed to provide a backdoor into the Mac. The malicious files are well hidden in the /Library/Scripts/ folder and disguised as an Adobe launch process.

In all, this is one of the sneakier bits of Mac malware lately. Although it's still "just a Trojan," it's a quite convincing one if distributed properly. Although Mac users tend to scoff at Trojans, believing them to be easy to avoid, this is not always the case.

Apple already revoked the certificate that the Snake malware was using to infect Mac machines, but another iteration could pop up, so Mac users should be aware of the possibility.

Those infected by Snake are vulnerable to having data stolen, including login information, passwords, and unencrypted files.

To avoid malicious software, Apple recommends downloading content only from the Mac App Store or from trusted developers.

Article Link: Windows 'Snake' Malware Ported to Mac, Imitates Adobe Flash Player Installer

 

[motm95]

Mistake number one: installing Adobe Flash to begin with.

 

[Olz]

Mistake number one: installing Adobe Flash to begin with.

Amen to that, these days it's just not necessary.

 

[bluechipBMW]

Damm...I think my mac is a victim! Any suggestions on how to get rid of it?

 

[TMRJIJ]

Yet another reason not to install Flash.

 

[imran5720]

SO how do we find and remove it?

 

[VulchR]

I would have thought by now there would have been AI routines that could be used in the OS to help block this sort of thing. Also, it doesn't help that programmers have a tradition of naming files in an inscrutable way. Some sort of naming convention should be required, so that picking up malware is easier.

 

[dschulian]

People still installing Flash?

 

[macduke]

Apple should take a page out of Microsoft's book and lock down macOS to be App Store only like Windows 10 S.

/s

 

[redheeler]

Damm...I think my mac is a victim! Any suggestions on how to get rid of it?

Run Malwarebytes.

 

[Breaking Good]

Amen to that, these days it's [Adobe Flash] just not necessary.

Sadly, I run into a number of Computer-based Training courses that still use it.

 

[Olz]

I feel like the people that wrote this malware wasted their time, all they needed to do was force people to install Flash...there are already enough backdoors in that to do what you want with, without adding extra ones.

 

[ghostface147]

So I've talked to people about this in the past, but I wonder how much of an issue this malware would be if PowerPC was still around. I wonder how much trouble it would have been to port to a RISC architecture.

 

[redheeler]

Sadly, I run into a number of Computer-based Training courses that still use it.

It's better to just use Google Chrome for anything specific that still needs Flash. No need to run the installer.

With the amount of people using mobile devices these days, requiring Flash is quite a handicap for web-based content. But certain areas are always behind in updating to newer standards.

 

[talonblade]

Apple should take a page out of Microsoft's book and lock down macOS to be App Store only like Windows 10 S.

/s

They pretty much did. That is the default anyway. It can be changed by the user though, or exceptions can be made. Still

 

[Vanilla35]

People still installing Flash?

Websites still require it. Youtube still runs better with it. Chrome (very common browser) still comes with it by default - which means it will continue to be utilized. Having it come built in can help avoid this type of situation to some degree.

 

[redheeler]

They pretty much did. That is the default anyway. It can be changed by the user though, or exceptions can be made. Still

Default is "App Store and identified developers", so signed apps can be installed from outside the App Store.

But freeware developers who can't pay the $99/year fee for a certificate still get screwed by that, unfortunately. I suppose it can be argued the increased security is worth it for average Mac users, but I always have mine set to allow from anywhere.

 

[ogremoustro]

SO how do we find and remove it?

Malwarebytes for macOS worked for me.

 

[StevieD100]

Mistake number one: installing Adobe Flash to begin with.

No, the mistake is Adobe's for not retiring it sooner. I refuse to use Flash on anything but a Windows 7 VM that is restored after use.
Sadly, far too many sites are totally dependant upon this POS. Die flash die!

 

[xxray]

For all of those saying it's dumb to install flash, I have to for my homework and online classes for my university. I'd love to give it up, but some of us just don't have the option to.

 

[Wayfarer]

But wait, I thought Macs don't get viruses???

Apple is doomed. Steve never would have allowed this!

 

[Sasparilla]

So I've talked to people about this in the past, but I wonder how much of an issue this malware would be if PowerPC was still around. I wonder how much trouble it would have been to port to a RISC architecture.

It probably would have taken a minimal amount effort (recompile for x86/x64 / retarget) - if the gold pot is big enough they're going to come.

My wife is involved with creating training and the education system is loaded with Flash Player requirements...its bad. Am going to run malwarebytes on her machine tonight.

 

[redheeler]

Youtube still runs better with it.

On my Late 2006 iMac running 10.8.5 I do use the Flash Player YouTube instead of Firefox's HTML5 because the latter is so heavy and sometimes won't even work. But most of the time, I use alternative methods of playback like PPC Media Center + Quicktime Player, YouTube extension for Kodi. When I boot into Linux, I use Google Chrome's HTML5 player (which works better than Flash Player on OS X).

For most people on modern or semi-modern hardware/software, there isn't any reason to use Flash over HTML5.

 

[InfoTime]

But wait, I thought Macs don't get viruses???

This isn't a virus.

 

[Chaos215bar2]

For all of those saying it's dumb to install flash, I have to for my homework and online classes for my university. I'd love to give it up, but some of us just don't have the option to.

Why not just use Chrome? If you're going to use Flash, I'm not sure there's a more secure way to do it than via a browser that self-updates and includes the plugin by default.

That, or you could make it as much of a headache for the IT support staff at your university to "fix" you Flash installation. Maybe the right people will get the point eventually…