Malwarebytes Labs reported that the “Snake” malware has been ported over to Macs. That sucks. “Snake” has been well known as a backdoor malware on Windows since 2008. In 2014 it made its way to Linux systems and now onto our beloved Macs. This nasty piece of code is also known as “Turla” and “Uroburos”.
Discovered In Adobe Flash Installer
Snake was found a few days ago hiding in what appears to be a legitimate Adobe Flash Installer. It actually installs Adobe Flash Player but also brings along its malicious code for the ride. Once installed, it opens a backdoor to your Mac. Once a backdoor is open, your Mac and the data on it, including passwords, are vulnerable.
The files are tucked away in the Library/Scripts folder and appear to be an Adobe Launch process. Apple was quick to revoke the certificate the installer used, but that action could be countered with a new iteration. So be diligent and cautious, since Macs are no longer immune to such attacks. Malwarebytes describes this malware as highly sophisticated on Windows and says its origins appear to be the Russian government.
How to fix this
The cool dudes at Malwarebytes Labs have a free tool (Malwarebytes Anti-Malware) that will scan your Mac for malware and eliminate it. It also provides “Next Steps” in case your Mac was infected. I just ran it on my MacBook and it found a threat (I had no idea). It was not the Snake malware but a threat is a threat. I removed it with the app and I was presented with a dialog that tells me what to do.
- Restart the computer if asked to
- Run another scan after restarting if you were asked to
- Change your browser’s homepage and search engine settings
- Test to see if the problem is gone
I was not asked to restart so I will assume all is well for now.
Malwarebytes has an in-depth article on the Snake malware threat on their blog and I would encourage you to read it if you have any concern that your Mac was infected or if you just like learning more about this stuff. Check it out here: https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/