Skip to main content
  1. Home
  2. Computing
  3. News

Snake, the latest MacOS malware, makes its way over from Windows

Mark Coppock
By

exploit
Image used with permission by copyright holder
Increasingly, the idea that MacOS does not suffer from the same malware threats as Windows is going out the window. MacOS suffers from some of the same kinds of attacks which make their way over from Windows.

One recently discovered example of a cross-platform attack is a fake Adobe Flash Player installer that bypasses the Gatekeeper feature introduced in MacOS Lion. Dubbed “Snake,” the malware injects malicious backdoor files into the MacOS file system, makes them persistent, and then uses them to access and pass along sensitive materials, the Fox-IT blog reports.

Recommended Videos

Gatekeeper uses a certificate-based system to differentiate between apps installed from the presumably secure Mac App Store and apps that users might want to install from outside that walled garden. If an application has a legitimate Gatekeeper certificate, the theory goes, then users can trust that the app is safe. Snake leverages this system by using a valid developer certificate that is likely stolen from a legitimate developer.

Related

According to Fox-IT, Snake could be tied to Russian hackers and is highly targeted at government and military institutions and large companies. It has been around on Windows for years and a version was ported to Linux in 2014. Now, the malware can infect MacOS machines using essentially the same framework that Fox-IT describes as “significantly more sophisticated, it’s infrastructure more complex and targets more carefully selected.”

Interestingly, Snake does actually install the Adobe Flash Player but at the same time, it installs backdoor code that is kept as persistent by Apple’s LaunchDaemon service. It is installed using a Zip file called “Adobe Flash Player.app.zip” and appears valid to the user.

Fox-IT notified Apple about the compromised certificate and it is likely Apple’s security team will have revoked it within the Gatekeeper system. That means it will no longer make its way through Gatekeeper as if it were a legitimate Mac App Store application and should be more difficult to spread for users who make use of Gatekeeper’s protections.

More than anything, Snake serves as a reminder that MacOS users should maintain the same diligence as users of other operating systems. Keep Gatekeeper turned on and fully enabled, only install applications from known sources, and utilize anti-malware software to keep your systems monitored and periodically scanned. Apple might like to poke fun at Windows for its allegedly less secure nature, but the reality is that nobody is completely safe from attack.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
This dangerous new Mac malware steals your credit card info
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

Read more
macOS Sonoma public beta review: more than just screensavers
Craig Federighi introducing macOS Sonoma at Apple's Worldwide Developers Conference (WWDC) in June 2023.

It’s that time of year again when Apple launches all of its new operating systems into public beta and invites a brave public to sift through bugs and crashes to find the nuggets of gold that Apple has been working on. With macOS Sonoma now in public beta, the big question is this: should you upgrade your Mac?

Well, this year’s update has been a rather modest one, with few truly standout features. After all, you know it’s an unexceptional update when Apple leads its list of new features in macOS Sonoma with screen savers.

Read more
How macOS Sonoma could fix widgets — or make them even worse
Apple's 15-inch MacBook Air on a desk, with macOS Sonoma running on its display.

At its Worldwide Developers Conference (WWDC) earlier this year, Apple revealed that interactive widgets would be coming to macOS Sonoma. That probably sounds like a tiny new feature, and sure, it’s not as earth-shattering as the Vision Pro announcement. But it could turn out to be one of the most divisive new features in the Mac operating system.

In macOS Sonoma, you’ll be able to plant widgets on your desktop instead of hiding them in the Notification Center. Many widgets will be interactive, letting you tick off to-do list items without opening the widget’s app, for example. And you’ll be able to run iOS widgets right on your desktop, even if that app isn’t installed on your Mac. It’s a pretty comprehensive overhaul. Depending on how well these interactive widgets work, though, we could be left with a bunch of annoying distractions or a set of super-helpful timesavers. The way Apple handles them is going to be vital.
We've been here before

Read more