Snake malware ported from Windows to Mac

  •   Ricky
  •   July 31, 2017

Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware, and the Windows version is highly sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac.

Fox-IT International wrote about the discovery of a Mac version of Snake on Tuesday. It’s not known at this point how Snake is spread, although the fact that it imitates an Adobe Flash Player installer suggests a not-very-sophisticated method. (I mean, come on, there are other pieces of software out there! Why are the bad guys so hung up on Flash installers?)

Distribution method

The malware was found in a file named Install Adobe Flash Player.app.zip. The app inside the .zip file would appear to be a legit Adobe Flash Player installer. The app is signed, however, by a certificate issued to an “Addy Symonds” rather than Adobe, but the average user is never going to know that… as long as it’s signed, Apple’s Gatekeeper system will allow it, when set to its default settings.

If the app is opened, it will immediately ask for an admin user password, which is typical behavior for a real Flash installer. If such a password is provided, the behavior continues to be consistent with the real thing.
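The signer mismatch described above can be checked before an installer is opened. The following is an added example, not code from the original article or from Fox-IT: it parses the text that `codesign -dvv` prints on macOS and compares the signing Team ID with the one expected for the vendor. The function names, the sample output and both Team IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: does the Developer ID signer match the vendor the app claims to be?
# Parses the text that `codesign -dvv <app>` prints (on stderr) on macOS.

# Leaf certificate name: the first Authority= line is the signing certificate.
leaf_signer() {
    printf '%s\n' "$1" | sed -n 's/^Authority=//p' | sed -n '1p'
}

# Team ID that Apple assigned to the signing developer account.
team_id() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | sed -n '1p'
}

# signed_by <codesign output> <expected team id>: returns 0 on match, 1 otherwise.
# Unsigned and ad-hoc signed apps have no usable Team ID and therefore fail.
signed_by() {
    signer=$(leaf_signer "$1")
    team=$(team_id "$1")
    if [ -n "$team" ] && [ "$team" = "$2" ]; then
        return 0
    fi
    printf 'unexpected signer: %s (team %s)\n' "${signer:-none}" "${team:-none}" >&2
    return 1
}

# macOS usage: check_app "/path/to/Installer.app" "<vendor team id>"
check_app() {
    signed_by "$(codesign -dvv "$1" 2>&1)" "$2"
}

# Constructed sample output; the Team IDs are placeholders, not real values.
SAMPLE_FAKE='Identifier=com.example.installer
Authority=Developer ID Application: Addy Symonds (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA'

SAMPLE_VENDOR='Identifier=com.example.installer
Authority=Developer ID Application: Example Vendor (BBBBBBBBBB)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=BBBBBBBBBB'
```

A valid signature only shows that some Developer ID holder signed the bundle, so the comparison against the vendor's own Team ID is the part that catches a look-alike installer.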
