PSA: Russian-Backed Flash Trojan Ported to macOS

1 minute read
| News

A Russian-backed bit of malware called Snake has been ported to macOS, according to security blog Fox-IT (via Malwarebytes Labs). Snake is a trojan disguised to look like a Flash installer, and it’s been around on Windows since 2008 and Linux since 2014.

Snake Trojan on macOS

Although it is malware, Snake is technically a Trojan, so it relies on tricking the user into installing it with their own password. It’s in the wild in a file named Install Adobe Flash Player.app.zip. The Snake Trojan on macOS installer is signed by a (currently) legitimate developer certificate issued to an “Addy Symonds.”

From Malwarebytes:

It’s not known at this point how Snake is spread, although the fact that it imitates an Adobe Flash Player installer suggests a not-very-sophisticated method. (I mean, come on, there are other pieces of software out there! Why are the bad guys so hung up on Flash installers?)

To Malwarebytes’ point, any user sophisticated enough to look for the name on the certificate isn’t likely to either fall victim to the Trojan or be fooled by that name. Everyone else, however, won’t bother looking and could fall for the Trojan.

For funsies, Snake Trojan on macOS does actually install Flash. But, it delivers a payload of malware that will give the Russians control over your Mac. Which is something you probably want to avoid.

You can read up on the details of what Snake does at Malwarebytes. Our advice, though, is to not install Flash. If you MUST install Flash, get it directly from Adobe every single time.
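The article notes that the installer carries a Developer ID signature in someone else’s name. The script below is an added example (not from the article, Fox-IT or Malwarebytes) showing how a defender can check who actually signed a downloaded installer before double-clicking it. On a real Mac, `codesign -dv --verbose=2 <app>` prints `Authority=` lines naming the signing chain; the functions parse those lines and compare the leaf signer with the vendor you expected. The sample `codesign` output embedded here is constructed for the example, and the team identifier in it is a placeholder, not a value from the page.

```shell
#!/bin/sh
# Added example: verify the Developer ID signer of a macOS app bundle.
# On macOS, `codesign -dv --verbose=2 "/path/to/Install Adobe Flash Player.app"`
# prints, among other lines:
#   Authority=Developer ID Application: <Signer Name> (<TEAMID>)
#   Authority=Developer ID Certification Authority
#   Authority=Apple Root CA
# The output below is CONSTRUCTED for this example; PLACEHOLDER_TEAMID is not real.
SAMPLE_CODESIGN_OUTPUT='Executable=/Users/me/Downloads/Install Adobe Flash Player.app/Contents/MacOS/Install
Identifier=com.example.flashinstaller
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Addy Symonds (PLACEHOLDER_TEAMID)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# signer_of OUTPUT
#   Prints the subject of the leaf "Developer ID Application" certificate,
#   or nothing if the bundle has no Developer ID leaf (unsigned / ad-hoc).
signer_of() {
  printf '%s\n' "$1" | sed -n 's/^Authority=Developer ID Application: //p' | head -n 1
}

# check_signer OUTPUT EXPECTED_VENDOR
#   0 = leaf signer starts with EXPECTED_VENDOR (e.g. "Adobe")
#   1 = signed, but by someone else
#   2 = no Developer ID leaf found
check_signer() {
  leaf=$(signer_of "$1")
  [ -n "$leaf" ] || return 2
  case "$leaf" in
    "$2"*) return 0 ;;
    *)     return 1 ;;
  esac
}

# audit_app PATH EXPECTED_VENDOR
#   Runs codesign on a real Mac and reports whether the signer is who you expected.
#   A valid signature only proves Apple issued a certificate under that name;
#   it says nothing about the software's intent, so the name must match the vendor.
audit_app() {
  out=$(codesign -dv --verbose=2 "$1" 2>&1) || { echo "not signed or signature invalid"; return 2; }
  if check_signer "$out" "$2"; then
    echo "signer matches '$2': $(signer_of "$out")"
  else
    echo "WARNING: signed by '$(signer_of "$out")', expected '$2'"
    return 1
  fi
}

# Usage on a Mac (not run here):
#   audit_app "$HOME/Downloads/Install Adobe Flash Player.app" "Adobe"
# Against the constructed sample, the signer is "Addy Symonds", not Adobe:
check_signer "$SAMPLE_CODESIGN_OUTPUT" "Adobe" || echo "sample would be flagged (status $?)"
```

`spctl --assess --verbose <app>` adds Gatekeeper’s own verdict, but it only tells you whether the signature chains to Apple, which is exactly the case here: the certificate is valid, the name on it just isn’t Adobe’s. That mismatch, not signature validity, is the check that catches this installer.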

wab95

Bryan: To the question, It’s not known at this point how Snake is spread, although the fact that it imitates an Adobe Flash Player installer suggests a not-very-sophisticated method. (I mean, come on, there are other pieces of software out there! Why are the bad guys so hung up on Flash installers?) Perhaps they’re friends of Bosco (Whatever happened to Brad? Those Flash tirades were a thing of wonder), or the bad guys could just have some adolescent superhero preoccupation, being geeks and all. More seriously, Flash remains anachronistically prevalent on academic-related, government and NGO websites (and the BBC, but… Read more »

Bardi Jonssen

For those of us less sophisticated, what is the generally accepted manner to check the “certificate”?

OT : well said, skywatcher. Some took the “fake news” bait hook, line and sinker.

Lee Dronick

I have been Flash free for years

mbmoore@mbmoore.com

So, it was OK for Obama to give away every military advantage to Putin in the name of “flexibility”, and for Hillary Clinton to give away a large percentage of our uranium reserves to Russia in return for millions of dollars ‘contributed’ to the Clinton Crime Family Foundation? And you probably weren’t concerned at all by the thousands of classified emails leaked through to America’s enemies, including Russia. I bet you weren’t worried at all about Russian influence then. But now, you believe a fake story about Russian influence on Trump and the election –no real evidence whatsoever, mind you;… Read more »

skywatcher

OK! I’ll take the obvious bait!

“For funsies, Snake Trojan on macOS does actually install Flash. But, it delivers a payload of malware that will give the Russians control over your Mac. Which is something you probably want to avoid.”

You meant, of course:

“For funsies, Snake-Oil Salesman Trump on Election OS (2016) does actually install FAKE NEWS. But, it delivers a payload of malware that will give the Russians control over your country. Which is something you probably want to avoid.”

😎