Snake, the latest MacOS malware, makes its way over from Windows

Increasingly, the idea that MacOS does not suffer from the same malware threats as Windows is going out the window. MacOS is hit by some of the same kinds of attacks, which make their way over from Windows.

One recently discovered example of a cross-platform attack is a fake Adobe Flash Player installer that bypasses the Gatekeeper feature introduced in MacOS Lion. Dubbed “Snake,” the malware injects malicious backdoor files into the MacOS file system, makes them persistent, and then uses them to access and pass along sensitive materials, the Fox-IT blog reports.

Gatekeeper uses a certificate-based system to differentiate between apps installed from the presumably secure Mac App Store and apps that users might want to install from outside that walled garden. If an application has a legitimate Gatekeeper certificate, the theory goes, then users can trust that the app is safe. Snake leverages this system by using a valid developer certificate that is likely stolen from a legitimate developer.

According to Fox-IT, Snake could be tied to Russian hackers and is highly targeted at government and military institutions and large companies. It has been around on Windows for years and a version was ported to Linux in 2014. Now, the malware can infect MacOS machines using essentially the same framework that Fox-IT describes as “significantly more sophisticated, its infrastructure more complex and targets more carefully selected.”

Interestingly, Snake does actually install the Adobe Flash Player, but at the same time it installs backdoor code that is kept persistent by Apple’s LaunchDaemon service. It is delivered in a Zip file called “Adobe Flash Player.app.zip” and appears valid to the user.
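Because the persistence described above relies on a LaunchDaemon, reviewing launchd job definitions is a practical check for defenders. The following is an added example, not code from the article or from Fox-IT: the `EXPECTED_PREFIXES` list is an assumed heuristic, and the two sample jobs are constructed for illustration and are not indicators from the Fox-IT report.

```python
import plistlib
from pathlib import Path

# Where third-party launchd jobs are registered on macOS.
LAUNCHD_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents")
# Assumption: locations this example treats as normal for installed software.
EXPECTED_PREFIXES = ("/Applications/", "/usr/local/", "/opt/",
                     "/Library/PrivilegedHelperTools/",
                     "/Library/Application Support/")

def review_job(plist_bytes):
    """Return reasons a launchd job definition deserves a manual look."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    reasons = []
    if not program:
        reasons.append("no program path")
    elif not program.startswith(EXPECTED_PREFIXES):
        reasons.append("program outside expected locations: " + program)
    if any(p.startswith(".") for p in Path(program).parts[1:]):
        reasons.append("hidden path component: " + program)
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically at load")
    return reasons

def audit(dirs=LAUNCHD_DIRS):
    """Map each flagged plist in the given directories to its reasons."""
    findings = {}
    for d in dirs:
        for path in sorted(Path(d).glob("*.plist")):
            try:
                reasons = review_job(path.read_bytes())
            except Exception as exc:  # unreadable or malformed plist
                reasons = ["could not parse: " + str(exc)]
            if reasons:
                findings[str(path)] = reasons
    return findings

# Constructed sample jobs (not indicators from the Fox-IT report).
BENIGN = plistlib.dumps({"Label": "com.example.helper",
    "ProgramArguments": ["/Library/PrivilegedHelperTools/com.example.helper"],
    "RunAtLoad": True})
SUSPECT = plistlib.dumps({"Label": "com.example.updater",
    "ProgramArguments": ["/Library/Scripts/.cache/updater.sh"],
    "RunAtLoad": True, "KeepAlive": True})

if __name__ == "__main__":
    print(review_job(BENIGN), review_job(SUSPECT))
    print(audit())
```

A flagged job is a prompt for manual review of the referenced binary and its code signature, not proof of compromise.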

Fox-IT notified Apple about the compromised certificate and it is likely Apple’s security team will have revoked it within the Gatekeeper system. That means it will no longer make its way through Gatekeeper as if it were a legitimate Mac App Store application and should be more difficult to spread for users who make use of Gatekeeper’s protections.

More than anything, Snake serves as a reminder that MacOS users should maintain the same diligence as users of other operating systems. Keep Gatekeeper turned on and fully enabled, only install applications from known sources, and utilize anti-malware software to keep your systems monitored and periodically scanned. Apple might like to poke fun at Windows for its allegedly less secure nature, but the reality is that nobody is completely safe from attack.

Mark Coppock