Windows 'Snake' Malware Ported to Mac, Imitates Adobe Flash Player Installer

[Eric5h5]

Although Mac users tend to scoff at Trojans, believing them to be easy to avoid, this is not always the case.

It certainly is in this case...most people would avoid it even if it wasn't malware....

So I've talked to people about this in the past, but I wonder how much of an issue this malware would be if PowerPC was still around. I wonder how much trouble it would have been to port to a RISC architecture.

Probably zero trouble, since it's unlikely the source code has anything that's concerned with endianness. You should understand that mostly you program for OS APIs, not a CPU architecture.

--Eric

 

[Larry The L]

Amen to that, these days it's just not necessary.

Why do you think you speak for everyone? Such arrogance. I would rather not have to use Flash. But my livelihood requires software that uses Flash. Should I give up my income so I can stand with you again all the evil in the world and proclaim that I don't use Flash. I'll make you a deal. You support me and I'll stop using Flash. Interested? Didn't think so. So just stop proclaiming that you know what is best for everyone based upon what works for you. Sheeeesh.

 

[coolfactor]

Malwarebytes for macOS worked for me.

Until there's a compromised version of Malwarebytes.

 

[Ynot]

Ummm, you realize that the malware creators could have easily disguised it as any other "legit-looking" established software, right?

Not that I'm defending Flash, which is turd software. But Flash was just a convenient "disguise". The malware makers could have just as easily disguised it as Open Office download. Or even a free demo game from Aspyr Media.

Other Candidates that are Infection Vectors are DIVX. This is used to catch the one or other Sports Fan looking for a DRM Free Broadcast of his Favourite Team, after being successful in finding the Stream on a Russian or Chinese Server He is informed that he has to update or just plain Install the newest version with the convenient Link made available. After that the stream works and the Happy customer gets to see his game he dose not realise that he is owned.

The second was Java on the Mac. This is no longer as often since Java has gone to add its own Malware if you forget to uncheck the box you get the Yahoo Plugin as a Banner.

There are a number of GlitHub Software Packages and Tools which have been compromised and have additional payloads.

Most Trojans for the Mac and most likely The PC can be found under Big Green Download Buttons.

If you are going to load Software from sources outside the App Store than try to at least load the software from the Original Developer Page and not from other depositories.

 

[coolfactor]

Why do you think you speak for everyone? Such arrogance. I would rather not have to use Flash. But my livelihood requires software that uses Flash. Should I give up my income so I can stand with you again all the evil in the world and proclaim that I don't use Flash. I'll make you a deal. You support me and I'll stop using Flash. Interested? Didn't think so. So just stop proclaiming that you know what is best for everyone based upon what works for you. Sheeeesh.

I think it's important to recognize that what's best and what's necessary are two different things. It would be best to not have to run Flash, but it's necessary for you.

Is your industry adapting, though? Because Flash is dying, and you wouldn't want your income to go with it.

 

[rictus007]

People what is wrong??? Where are the posts blaming Tim Cook for this?

 

[Solomani]

People what is wrong??? Where are the posts blaming Tim Cook for this?

This is Tim Cook's fault.

And that hispanic guy getting violently dragged out of the Delta flight? That was Tim's fault too.

 

[netwalker]

Apparently nobody here has a parent with a Mac who his constantly being phished and hunted by these types of scams.

Then don't give those parents admin rights and be willing to keep their software up-to-date regularly. If they don't want that and if they are not willing to learn from previous mistakes, then it is their own responsibility. When mine went to Windows and Android, my support contract ended.

 

[MikeAnd]

It does, actually, install Adobe Flash Player, but it is accompanied by additional software that is malicious and designed to provide a backdoor into the Mac.

So if your machine starts to really slow down after getting infected, it's probably because they installed a real copy of Adobe Flash Player, not because of the malware payload itself.

 

[macduke]

They sort of have. But unlike MS, they respect their users, and expect them to have brains, so they let them circumvent those measures in macOS.

 

[CrystalQuest76]

There was a time that Flash was great; back when it was used for creating animations. then Adobe made it do a bunch of other things.

 

[apolloa]

Hmmmmm this is not good.... also you still need flash to play some embedded videos I think?

 

[MrX8503]

Steve Jobs saw the issue a mile away. When he realized the CEO of Adobe was difficult to speak with, he knew that it wasn't a software issue, but a leadership issue. He dropped Flash because of that and look at where we are today.

I have Chrome on standby if I absolutely need Flash.

 

[KALLT]

p.s Is that Malwarebytes "anti-viral" thing legit itself? Or does it do more harm to your Mac than good? Not sure what to think of it.

Unlike the Windows version(s), it is only a malware/adware removal tool. It was developed independently by a reputable security blogger and later rebranded into Malwarebytes when he started working with/for them. You have to run it yourself, it doesn’t do much in the background.

 

[stiligFox]

So I've talked to people about this in the past, but I wonder how much of an issue this malware would be if PowerPC was still around. I wonder how much trouble it would have been to port to a RISC architecture.

It would've been pretty RISCy.

 

[flyinmac]

Also, it doesn't help that programmers have a tradition of naming files in an inscrutable way. Some sort of naming convention should be required, so that picking up malware is easier.

Yes... it would be convenient if there was a conventional naming system for file names.

For example:

Legitimate software:

MS-Office-14-Legitimate.dmg

MacOS-Sierra-Legitimate.dmg

Adobe-Flash-Mac-Legitimate.dmg

VS. naming for Malware:

MS-Office-14-Malware.dmg

MacOS-Sierra-Malware.dmg

Adobe-Flash-Mac-Malware.dmg

Yes, a naming standard would help. Lol.

 

[Vanilla35]

On my Late 2006 iMac running 10.8.5 I do use the Flash Player YouTube instead of Firefox's HTML5 because the latter is so heavy and sometimes won't even work. But most of the time, I use alternative methods of playback like PPC Media Center + Quicktime Player, YouTube extension for Kodi. When I boot into Linux, I use Google Chrome's HTML5 player (which works better than Flash Player on OS X).

For most people on modern or semi-modern hardware/software, there isn't any reason to use Flash over HTML5.

If you have to do any workaround whatsoever, then flash isn't ready to be replaced yet.

Aside from that, I completely agree. Flash blows.
[doublepost=1494025892][/doublepost]

"Websites require it". You mean "****** websites from the 60s require it"

"Chrome comes with it" but keeps it updated, so no need to install it SYSTEM WIDE.

Modern browsers have native h264 support. Hardware accelerated. YouTube runs very nice without Flash.

Flash is a ****** software that needs to get an EOL.

You mad bro?

My point is that if it's still the norm, it will continue to be the norm. When flash is not included in ALL modern browsers and ALL websites are still able to run smoothly, then it will no longer be necessary. Can you get away without flash nowadays? Yes, more than ever.

 

[OLDCODGER]

If the answer to this disease is to use Google Chrome ..... we're in deep do-do!

 

[Speechless]

How else will I watch porn?

I came here to say this exact thing.

 

[blesscheese]

To all the readers saying why even use flash, unfortunately McGraw-Hill (majority of my classes in my university have books with this textbook publisher) requires flash for homework, viewing lectures, and even viewing the book. This is something we face even when viewing lectures through our university's hosting.

That...is reason #547 why I hate big text book publishers. I won't bore you with all the other reasons.

In general, if you *have* to run Flash, the best way to do so is inside the Google Chrome browser, since the Flash player is sandboxed, but even Google is starting to move away from supporting Flash. See:
https://www.theverge.com/2016/12/9/13903878/google-chrome-block-flash-html5

 

[2010mini]

Removed flash from my Mac years ago and never looked back. This unfortunately will only affect people who still insist on installing popular software for third party sources. If you insist on using flash, get it from the official site.

 

[redheeler]

If you have to do any workaround whatsoever, then flash isn't ready to be replaced yet.

Aside from that, I completely agree. Flash blows.

Flash is ready to be replaced, because the iMac I have to do the workarounds on is ready to be replaced. It's a 2006 model, after all. Just trying my best to keep it relevant with the workarounds.

Wouldn't think of using Flash Player YouTube on my modern Macs or even 2006 Mac Pro running El Capitan.

 

[gnasher729]

My wife installed a fake adobe flash player a few weeks back on her iMac and promply started freaking out when things started popping up that she didn't recognize. I did my best to uninstall everything that had been installed in the last hour, ran malware bytes and otherwise tried to clean things up but who knows if I got it all.

I immediately turned the software gate back on to try to avoid it in the future.

That's what Time Machine is for.

 

[KALLT]

In general, if you *have* to run Flash, the best way to do so is inside the Google Chrome browser, since the Flash player is sandboxed

Safari sandboxes Flash too. There is no reason to install Chrome just for this. Besides, this malware is a forged software installer. It has nothing at all to do with Flash itself.

 

[mandrake2016]

Install VirtualBox and a free Windows VM to sandbox Flash (or all of Adobe products, tbh). I'm stuck using FedEx PrintOnline as awful as it is, but I have no alternative.