Skip to main content
  1. Home
  2. Computing
  3. News

Snake, the latest MacOS malware, makes its way over from Windows

By

exploit
Image used with permission by copyright holder
Increasingly, the idea that MacOS does not suffer from the same malware threats as Windows is going out the window. MacOS suffers from some of the same kinds of attacks which make their way over from Windows.

One recently discovered example of a cross-platform attack is a fake Adobe Flash Player installer that bypasses the Gatekeeper feature introduced in MacOS Lion. Dubbed “Snake,” the malware injects malicious backdoor files into the MacOS file system, makes them persistent, and then uses them to access and pass along sensitive materials, the Fox-IT blog reports.

Recommended Videos

Gatekeeper uses a certificate-based system to differentiate between apps installed from the presumably secure Mac App Store and apps that users might want to install from outside that walled garden. If an application has a legitimate Gatekeeper certificate, the theory goes, then users can trust that the app is safe. Snake leverages this system by using a valid developer certificate that is likely stolen from a legitimate developer.

Related

According to Fox-IT, Snake could be tied to Russian hackers and is highly targeted at government and military institutions and large companies. It has been around on Windows for years and a version was ported to Linux in 2014. Now, the malware can infect MacOS machines using essentially the same framework that Fox-IT describes as “significantly more sophisticated, it’s infrastructure more complex and targets more carefully selected.”

Interestingly, Snake does actually install the Adobe Flash Player but at the same time, it installs backdoor code that is kept as persistent by Apple’s LaunchDaemon service. It is installed using a Zip file called “Adobe Flash Player.app.zip” and appears valid to the user.

Fox-IT notified Apple about the compromised certificate and it is likely Apple’s security team will have revoked it within the Gatekeeper system. That means it will no longer make its way through Gatekeeper as if it were a legitimate Mac App Store application and should be more difficult to spread for users who make use of Gatekeeper’s protections.

More than anything, Snake serves as a reminder that MacOS users should maintain the same diligence as users of other operating systems. Keep Gatekeeper turned on and fully enabled, only install applications from known sources, and utilize anti-malware software to keep your systems monitored and periodically scanned. Apple might like to poke fun at Windows for its allegedly less secure nature, but the reality is that nobody is completely safe from attack.

Editors’ Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
I’ve been using the first macOS Sequoia public beta. Here’s my take on it so far
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

Apple today launched the macOS Sequoia public beta, opening the doors to app developers, bug hunters, and curious users alike. With the full release not expected until much later this year, it’s a good opportunity to get a sneak peek at what Apple has in store for us.

Or at least, a sneak peek at most of what’s planned. Despite being packed with features, macOS Sequoia is missing the headline-grabbing Apple Intelligence feature, at least for the time being. Without that, is it still worth downloading and installing the public beta?

Read more
The macOS Sequoia public beta just launched. Here’s how to download it
Apple's Craig Federighi introducing the new window tiling feature in macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.

The public beta for macOS Sequoia is here, and that means anyone with a compatible device can install it and try it out -- no paid developer memberships needed. Here's how to get it.

First of all, you'll need a PC that can run macOS Sequoia. This is the list of compatible models:

Read more
The ChatGPT app has changed how I use my Mac in three key ways
The Option+Space shortcut of the macOS ChatGPT app.

After a long wait, OpenAI has launched the ChatGPT app on macOS for everyone to use. I’ve been playing around with it to see how it works and what it’s good at, and I’ve come away pretty impressed so far. It’s got all the power of ChatGPT in a handy desktop package. Better yet, you don’t need to pay to use it, as there’s no cost to download it, and it works with a free OpenAI account (free accounts do have limits placed on their usage, though, as they do on the web).

After seeing what I can get out of it, I’ve found there are three things I really love about the new ChatGPT Mac app. From the way it launches to its impressive capabilities, I think you’ll enjoy these aspects of the app as well.
It launches with a clever shortcut

Read more