Snake malware is a sophisticated serpent aiming to poison Macs

News has emerged of yet another piece of malware targeting Apple’s computers, and this one is a heavyweight offender in terms of being a sophisticated piece of malicious software.

The malware, known as Snake (and also by other names such as Turla or Uroburos), is apparently the concoction of Russian cyber-espionage snoopers, and has mainly targeted Windows systems (and Linux in some cases) until now.

However, security firm Fox-IT has observed a new variant of Snake aimed at macOS systems, looking to steal sensitive data from the likes of government and corporate MacBooks around the world.

Fox-IT notes, though, that the version of the malware framework it discovered still contains debug capabilities, as well as legacy references to the Windows version it was ported from (such as references to Internet Explorer), so it's likely that the full version of the macOS variant isn't yet operational.

But it’s equally likely that it will be soon – and that the malware will come cunningly packaged, which isn’t surprising given the sophistication of this operation.

Fake Flash

The security company found the malware as a fake Adobe Flash Player installer that contains a backdoor to access the machine it’s installed on, and it uses a valid (probably stolen) developer certificate from Apple, meaning it can get around the operating system’s security checks.

This isn't the first Mac malware we've seen perform this trick; far from it. At the beginning of this week there was the Dok Trojan, and back in March we had the Proton malware, both of which managed to conceal themselves behind valid code signatures from Apple, enabling their fake installers to avoid being blocked by your system.

As ever it pays to be very careful about the source of your downloads, and about what you install on your PC, whether it’s a Windows, Mac or Linux machine.

Via: PC World
