PSA: Russian-Backed Flash Trojan Ported to macOS


Snake Trojan on macOS


Although it is malware, Snake is technically a Trojan, so it relies on tricking users into installing it with their own password. It’s in the wild in a file named Install Adobe Flash Player.app.zip. The installer for Snake on macOS is signed with a (currently) legit developer certificate issued to an “Addy Symonds.”

From Malwarebytes:

It’s not known at this point how Snake is spread, although the fact that it imitates an Adobe Flash Player installer suggests a not-very-sophisticated method. (I mean, come on, there are other pieces of software out there! Why are the bad guys so hung up on Flash installers?)

To Malwarebytes’ point, any user sophisticated enough to look for the name on the certificate isn’t likely to either fall victim to the Trojan or be fooled by that name. Everyone else, however, won’t bother looking and could fall for the Trojan.
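Checking the name on the certificate can be scripted. The following is an added example, not code from Malwarebytes or the original article: it parses the output of `codesign -dv --verbose=4` and accepts an app only when its team ID matches the one you expect for the real vendor. The sample output, the team ID `PLACEHOLD1`, the identifier and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: a valid signature is not enough; check WHO signed.

# Constructed sample of `codesign -dv --verbose=4` output. The signer name is
# the one reported on this page; the team ID and identifier are placeholders.
SAMPLE_OUTPUT='Identifier=com.example.installer
Authority=Developer ID Application: Addy Symonds (PLACEHOLD1)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=PLACEHOLD1'

# Print the leaf signer (first Authority= line) from codesign output on stdin.
leaf_authority() {
    awk '/^Authority=/ { sub(/^Authority=/, ""); print; exit }'
}

# Print the TeamIdentifier value from codesign output on stdin.
team_id() {
    awk '/^TeamIdentifier=/ { sub(/^TeamIdentifier=/, ""); print; exit }'
}

# $1 = codesign output, $2 = team ID you expect for the real vendor.
# Returns 0 on match, 1 on a different signer, 2 if no Developer ID signer.
signer_is() {
    local team
    team=$(printf '%s\n' "$1" | team_id)
    if [ -z "$team" ] || [ "$team" = "not set" ]; then
        return 2
    fi
    [ "$team" = "$2" ]
}

# On a Mac: check_app "/path/to/Some.app" EXPECTED_TEAM_ID
check_app() {
    local out
    out=$(codesign -dv --verbose=4 "$1" 2>&1) || { echo "unsigned or unreadable: $1"; return 2; }
    echo "signed by: $(printf '%s\n' "$out" | leaf_authority)"
    signer_is "$out" "$2" || { echo "signer is not the expected vendor; do not run"; return 1; }
    echo "signer matches expected team ID"
}
```

A validly signed installer still fails this check when the signer is someone other than the vendor whose software it claims to be, which is the situation described above.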

For funsies, Snake Trojan on macOS does actually install Flash. But it also delivers a payload of malware that will give the Russians control over your Mac, which is something you probably want to avoid.

You can read up on the details of what Snake does at Malwarebytes. Our advice, though, is to not install Flash. If you MUST install Flash, get it directly from Adobe every single time.

[Source: macobserver]