Macs Infected by Windows Malware Disguised as Flash

macOS Malware Warning

Mac users beware: an infamous and sophisticated Windows malware has made its way to macOS, and it arrives disguised as something many people install without a second thought: an Adobe Flash Player installer.

The backdoor malware, known as Snake, Turla, or Uroburos, has been infecting Windows machines since at least 2008. Three years ago it was ported to Linux, and now it has been adapted to infect Macs, according to a Malwarebytes blog post. A highly sophisticated piece of malware, it is thought to have been created by the Russian government, and according to security firm Fox-IT it has been used against high-profile targets such as large corporations as well as military and government institutions.

The Mac version of Snake was first spotted by Fox-IT in a file named Install Adobe Flash Player.app.zip. Like much Mac malware before it, it masquerades as a Flash installer. The fraudulent app really does install Flash, but it is signed with an Apple Developer ID certificate that was fraudulently obtained and, at the time, valid, so Gatekeeper accepts it instead of blocking it as unidentified software. The installer then asks for your administrator password, exactly as the genuine Flash installer does, so nothing looks out of place. From there the process looks like a normal Flash installation, but the backdoor is installed alongside Flash with the privileges you just granted. Once it is on your machine, Snake lets attackers steal sensitive data, including unencrypted files, login credentials and passwords.

While many Mac users may still believe that their machines are relatively safe from viruses and trojans, this is increasingly untrue. Backdoors can easily be passed to unsuspecting users via social engineering, for example a convincing email that appears to come from your IT department. And because Snake looks like a standard Adobe launcher once installed, it can easily go undetected by the average user. Luckily, Apple has already revoked the certificate used to sign this version of Snake, so Gatekeeper now rejects it, but a new iteration signed with a different certificate is always a possibility. Note also that Gatekeeper only assesses files that carry the quarantine flag (the com.apple.quarantine extended attribute that browsers set on downloads), so even the revoked version can still infect your machine if it is downloaded from a source that does not set that flag, such as most torrent clients and services.

Ways to Protect Your Mac

  1. Your best bet for avoiding Snake and other malware is to download software only from the Mac App Store or from developers you trust, and never to install "Flash" from a link you did not seek out yourself.
  2. If you think you have been infected with Snake, run an anti-malware tool (Malwarebytes can already detect and remove it).
  3. Additionally, secure your accounts by changing your passwords and enabling two-factor authentication, since any credentials on the infected machine should be treated as stolen.
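The checks implied by the advice above can be done by hand before double-clicking a downloaded app: confirm the quarantine flag is present (otherwise Gatekeeper never looks at the file), ask Gatekeeper for its verdict, and read the signing authority rather than trusting the "Adobe" name. The script below is an added example written for this article, not code from Fox-IT, Malwarebytes or Apple. It assumes macOS with the standard xattr(1), spctl(8) and codesign(1) tools; the sample spctl output strings used to illustrate the classifier are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: inspect a downloaded .app bundle before running it.
# Assumes macOS with xattr, spctl and codesign available.
# Usage: sh inspect_app.sh "/path/to/Install Adobe Flash Player.app"

# Return 0 (true) if the file carries the com.apple.quarantine attribute,
# which is what makes Gatekeeper assess it on first launch.
has_quarantine() {
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# Classify the text spctl --assess prints into one word.
# A revoked signing certificate (as happened with this Snake sample)
# shows up as CSSMERR_TP_CERT_REVOKED, so test for that first.
classify_assessment() {
    case "$1" in
        *CSSMERR_TP_CERT_REVOKED*) echo revoked ;;
        *": accepted"*)            echo accepted ;;
        *)                         echo rejected ;;
    esac
}

# Print the identifiers from the code signature so the reader can see
# whether the "Flash installer" is really signed by Adobe's Developer ID.
show_signing_authority() {
    # codesign writes its report to stderr, hence the redirect
    codesign -dv --verbose=4 "$1" 2>&1 \
        | grep -E '^(Identifier|TeamIdentifier|Authority)='
}

inspect_app() {
    app="$1"
    if has_quarantine "$app"; then
        echo "quarantine: present (Gatekeeper will assess this app)"
    else
        echo "quarantine: ABSENT (Gatekeeper will not assess this app)"
    fi

    out=$(spctl --assess --type execute -vv "$app" 2>&1) || true
    echo "gatekeeper: $(classify_assessment "$out")"

    echo "signature:"
    show_signing_authority "$app" | sed 's/^/  /'

    # A strict verification fails for tampered bundles and revoked certificates.
    if codesign --verify --deep --strict "$app" >/dev/null 2>&1; then
        echo "codesign: signature verifies"
    else
        echo "codesign: signature does NOT verify"
    fi
}

# Only run when a path is supplied, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    inspect_app "$1"
fi
```

Read the Authority= line carefully: a genuine Adobe installer is signed by Adobe's own Developer ID, so an unfamiliar individual or company name there is the tell, regardless of what the app calls itself. An absent quarantine flag combined with a signature that no longer verifies is exactly the situation the article warns about.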