Mac users warned about dangerous new malware hidden in fake Adobe Flash Player app


Apple users are being warned about the latest form of malware targeting Mac computers.

The malware, known as Snake, is a sophisticated piece of software that has previously only been seen on Windows.

However, security firm Fox IT says a new variant of the malware, which also goes by the names of Turla or Uroburos, has been created to specifically for devices running macOS.

The main purpose of the malware is steal sensitive data from the likes of government organisations and major international corporations.

Fox IT says the malware originates from Russia and has been used to hack Windows computers since 2008.

snake installer

Image: Malwarebytes

According to Fox IT, the variant of the malware being distributed at the moment is hidden inside a fake Adobe Flash Player installer, which if installed onto a machine gives hackers backdoor access to all the files and data stored on the hard drive, as well the ability to intercept logins details to online accounts.

The malicious file is titled: Adobe Flash

The fake installer is able to bypass Apple’s security systems as it uses a valid developer certificate issued by Apple that has likely been stolen from elsewhere, which means it can go about its business undetected.

This isn’t the first piece of malware use a fake developer certificate to bypass security and target Mac users.

Last month, cyber security firm Check Point discovered a strain of malware dubbed OSX/Dok which was infecting users in Europe via a phishing campaign.

The malware was not flagged by Apple’s Gatekeeper security tool as it used a valid developer certificate of authentication to appear legitimate.

The advice to users is to be careful where you downloads apps and files from, regardless of what operating systems you use.

Always make sure you have a valid anti virus software installed on your device and make sure it is kept up to date.

UPDATE – Fox IT reports Apple has now removed the developer certificate which means its security systems should flag it as being unsafe.

Via: Malwarebytes and Fox IT


Comments are closed.