Snake, the latest MacOS malware, makes its way over from Windows

The idea that MacOS does not suffer from the same malware threats as Windows is increasingly going out the window. MacOS is hit by some of the same kinds of attacks, which make their way over from Windows.

One recently discovered example of a cross-platform attack is a fake Adobe Flash Player installer that bypasses the Gatekeeper feature introduced in MacOS Lion. Dubbed “Snake,” the malware injects malicious backdoor files into the MacOS file system, makes them persistent, and then uses them to access and pass along sensitive materials, the Fox-IT blog reports.

Gatekeeper uses a certificate-based system to differentiate between apps installed from the presumably secure Mac App Store and apps that users might want to install from outside that walled garden. If an application has a legitimate Gatekeeper certificate, the theory goes, then users can trust that the app is safe. Snake leverages this system by using a valid developer certificate that is likely stolen from a legitimate developer.

According to Fox-IT, Snake could be tied to Russian hackers and is highly targeted at government and military institutions and large companies. It has been around on Windows for years and a version was ported to Linux in 2014. Now, the malware can infect MacOS machines using essentially the same framework that Fox-IT describes as “significantly more sophisticated, its infrastructure more complex and targets more carefully selected.”

Interestingly, Snake does actually install the Adobe Flash Player, but at the same time it installs backdoor code that is kept persistent through Apple’s LaunchDaemon service. It is installed from a Zip file called “Adobe Flash Player.app.zip” and appears valid to the user.

Fox-IT notified Apple about the compromised certificate, and it is likely Apple’s security team will have revoked it within the Gatekeeper system. That means Snake will no longer make its way through Gatekeeper as if it were a legitimate Mac App Store application, and it should be more difficult to spread to users who make use of Gatekeeper’s protections.

More than anything, Snake serves as a reminder that MacOS users should maintain the same diligence as users of other operating systems. Keep Gatekeeper turned on and fully enabled, only install applications from known sources, and utilize anti-malware software to keep your systems monitored and periodically scanned. Apple might like to poke fun at Windows for its allegedly less secure nature, but the reality is that nobody is completely safe from attack.
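For readers who want to see what the LaunchDaemon persistence described above looks like from the defender's side, here is an added example (not code from this article or from Fox-IT) that parses launchd job plists and flags jobs whose executable sits in an unusual place. The sample plists, labels, paths and the heuristics themselves are constructed assumptions, not indicators of Snake.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Heuristics are assumptions for illustration, not indicators from Fox-IT.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SHELLS = {"sh", "bash", "zsh"}

# Constructed samples; labels and paths are hypothetical.
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/.cache/updater.sh</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Library/PrivilegedHelperTools/com.example.helper</string>
  <key>MachServices</key><dict><key>com.example.helper</key><true/></dict>
</dict></plist>"""

def audit_daemon(plist_bytes):
    """Summarise one launchd job and flag unusual executable locations."""
    job = plistlib.loads(plist_bytes)  # handles XML and binary plists
    argv = job.get("ProgramArguments") or []
    exe = job.get("Program") or (argv[0] if argv else "")
    # When launchd starts an interpreter, the script it is handed matters.
    via_shell = PurePosixPath(exe).name in SHELLS and len(argv) > 1
    target = argv[1] if via_shell else exe
    flags = []
    if any(p.startswith(".") for p in PurePosixPath(target).parts):
        flags.append("hidden-path")
    if target.startswith(WRITABLE_PREFIXES):
        flags.append("user-writable-path")
    if via_shell or target.endswith(".sh"):
        flags.append("shell-script")
    autostart = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    return {"label": job.get("Label"), "target": target,
            "autostart": autostart, "flags": flags}

def audit_dir(directory="/Library/LaunchDaemons"):
    """Audit every plist in a LaunchDaemons directory (run on the Mac itself)."""
    return [audit_daemon(p.read_bytes()) for p in sorted(Path(directory).glob("*.plist"))]

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(audit_daemon(sample))
```

A flagged job is a prompt for review, not a verdict; checking the target's code signature on the Mac is the natural next step.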

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…