Windows malware ported to Mac, imitates Adobe Flash Player Installer

Written by Ali Leghari

The well-known Windows backdoor malware “Snake” has been ported to Mac. Snake was first found on Windows back in 2008, was later ported to Linux systems, and has now hit the Mac.

Disguised as an Adobe Flash Player installer, the malware is hard to spot. It had a valid developer’s certificate and was set to run on macOS with Gatekeeper enabled.

The malware does actually install Adobe Flash Player, but along with the player it also installs malware that is dangerous for macOS. On macOS, the malware is delivered in a .zip file. The file is legitimate but contains a backdoored version of Adobe Flash Player, which lets the malware enter the OS without any hurdle.

Fox-IT, a news media platform popular for covering Mac-related updates, makes it clear that attacks involving “Snake” are highly targeted.

“Researchers who have previously analyzed compromises where Snake was used have attributed the attacks to Russia. Compared to other prolific attackers with alleged ties to Russia…Snake’s code is significantly more sophisticated, its infrastructure more complex and targets more carefully selected.”

Given the hazardous effect of the malware, Apple has already revoked the license that the “Snake” malware was using to infect macOS. Those infected by the malware are vulnerable to having data stolen. Moreover, due to the severity of the issue, Apple has issued a warning for Mac users to install programs only from credible and certified developers.

How to check if you are infected by “Snake” malware

To check whether your system is infected by the malware, run a scan with Malwarebytes for Mac. Malwarebytes will detect the malware and remove it.

The malware can also be detected manually. It installs the following components on your system:

  • /Library/Scripts/queue
  • /Library/Scripts/installdp
  • /Library/Scripts/
  • /Library/LaunchDaemons/com.adobe.update.plist
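
The manual check can be scripted. The following is an added example, not part of the original article or of any vendor tool; it looks only for the paths listed above, and the function names and the optional ROOT argument (for scanning a mounted backup instead of the live system) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: look for the Snake components listed in the article.
# Usage: sh snake_check.sh [ROOT]   (ROOT defaults to /)

# Paths taken from the article's list. The bare /Library/Scripts/ entry names
# only a directory, so it is not treated as an indicator on its own.
SNAKE_PATHS="/Library/Scripts/queue
/Library/Scripts/installdp
/Library/LaunchDaemons/com.adobe.update.plist"

# Print every listed component found under ROOT; return 1 if any was found.
snake_check() {
    root="${1%/}"            # strip a trailing slash so "/" becomes ""
    found=0
    for p in $SNAKE_PATHS; do
        # -L also catches dangling symlinks, which -e alone would miss
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND $root$p"
            found=1
        fi
    done
    return "$found"
}

# If the LaunchDaemon is present and plutil exists (macOS), dump the plist so
# the program it launches can be reviewed before anything is deleted.
show_daemon() {
    plist="${1%/}/Library/LaunchDaemons/com.adobe.update.plist"
    if [ -f "$plist" ] && command -v plutil >/dev/null 2>&1; then
        plutil -p "$plist"
    fi
}

if snake_check "${1:-/}"; then
    echo "None of the listed components are present."
else
    echo "Listed components present; review before removing:"
    show_daemon "${1:-/}"
fi
```

A clean result only means these specific files are absent; it does not replace a full scan.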

Feature image source: MacRumors
