New twist on an old malware has been detected by Fox-IT International.
For years, Mac users have lived in the blissful comfort of a virus-free bubble, happily choosing their Cupertino-based tech over the constant barrage of malicious software that targets Windows machines almost daily. Unfortunately, thanks to recent innovations in being a bad guy, the number of attacks against Apple devices and systems has been on the rise.
Fox-IT International, for example, has detected a new twist on an old piece of malware on Macs. Snake malware, which has infected Windows devices for almost ten years under the names Turla and Uroburos, was recently ported to Macs, hidden in a Flash Player installer.
According to an in-depth report by Malwarebytes, “The malware was found in a file named Install Adobe Flash Player.app.zip. The app inside the .zip file would appear to be a legit Adobe Flash Player installer. The app is signed, however, by a certificate issued to an ‘Addy Symonds’ rather than Adobe, but the average user is never going to know that… as long as it’s signed, Apple’s Gatekeeper system will allow it, when set to its default settings.
“If the app is opened, it will immediately ask for an admin user password, which is typical behavior for a real Flash installer. If such a password is provided, the behavior continues to be consistent with the real thing.”
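The signer mismatch described in the quote is something a defender can check before running an installer. The following is an added example, not code from the article or from Malwarebytes: it parses the text that `codesign -dvv` prints and compares the leaf signing identity with the vendor you expect. The sample output, the team IDs and the expected vendor string are constructed placeholders.

```shell
#!/bin/sh
# Added example. On a Mac, feed it real output (codesign -d writes to stderr):
#   codesign -dvv "Install Adobe Flash Player.app" 2>&1 | check_signer "<vendor>" "<team id>"

# Constructed sample of codesign -dvv output; team ID is a placeholder.
SAMPLE_SUSPECT='Executable=/tmp/Install Adobe Flash Player.app/Contents/MacOS/Install
Identifier=com.example.installer
Authority=Developer ID Application: Addy Symonds (ZZZZZZZZZZ)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ZZZZZZZZZZ'

# Leaf signer = first "Authority=" line; later lines are the CA chain.
leaf_authority() {
    sed -n 's/^Authority=//p' | head -n 1
}

team_id() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# check_signer EXPECTED_NAME EXPECTED_TEAM   (codesign output on stdin)
# Returns 0 on match, 1 on a different signer, 2 when no signer is present.
check_signer() {
    expected_name=$1
    expected_team=$2
    out=$(cat)
    leaf=$(printf '%s\n' "$out" | leaf_authority)
    team=$(printf '%s\n' "$out" | team_id)
    if [ -z "$leaf" ]; then
        echo "NO SIGNER: unsigned or ad-hoc signed"
        return 2
    fi
    # Both the certificate name and the team ID must match exactly.
    if [ "$leaf" = "Developer ID Application: $expected_name ($expected_team)" ] &&
       [ "$team" = "$expected_team" ]; then
        echo "OK: $leaf"
        return 0
    fi
    echo "MISMATCH: signed by '$leaf', expected '$expected_name'"
    return 1
}

# Demo on the constructed sample; the expected vendor values are assumptions.
printf '%s\n' "$SAMPLE_SUSPECT" | check_signer "Adobe Systems, Inc." "AAAAAAAAAA" || true
```

A valid signature alone only shows that someone with a Developer ID signed the bundle; the comparison against the expected identity is the step that catches the case described above.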
While it’s still newsworthy when a new infection strikes an Apple product, it’s becoming more and more common. The recent news surrounding the OSX/Dok malware that was spread through a good old-fashioned phishing email highlights the fact that users might be too accustomed to their Mac safety blankets. The report from just last month that Little Flocker is back under an ugly new name may also show, however, that new threats might not be as easy to come by; it could be far easier to repackage an old infection rather than attempt to bypass Apple’s security with a new threat.