This is another Mac malware story, and for the time being at least, it has a fix.
As reported by Malwarebytes today, a noteworthy piece of malware originally seen on Windows machines has found its way to Macs. It is disguised as an installer for Adobe’s Flash Player and is distributed inside a .ZIP file named “Install Adobe Flash Player.app.zip.” The giveaway is the signing certificate: it was issued to “Addy Symonds” rather than to Adobe. A valid signature from any Apple-issued developer certificate is still enough to get past the macOS Gatekeeper feature at its default settings, which is how it ran on victims’ machines. The malware has been named “Snake.”
At the time of publication, Apple has already revoked the certificate, so this particular sample will no longer pass Gatekeeper. However, another build signed with a different certificate could be distributed the same way, so it is always worth knowing what is circulating and checking who actually signed an installer before trusting it.
“The malware was found in a file named Install Adobe Flash Player.app.zip. The app inside the .zip file would appear to be a legit Adobe Flash Player installer. The app is signed, however, by a certificate issued to an ‘Addy Symonds’ rather than Adobe, but the average user is never going to know that… as long as it’s signed, Apple’s Gatekeeper system will allow it, when set to its default settings.
If the app is opened, it will immediately ask for an admin user password, which is typical behavior for a real Flash installer. If such a password is provided, the behavior continues to be consistent with the real thing.”
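The check the excerpt above implies, as an added example that is not part of this article or the Malwarebytes report: a small POSIX shell script that pulls the leaf signer out of `codesign -dvvv` output and refuses anything not issued to the vendor you expect, rather than stopping at “it is signed.” The `codesign` and `spctl` invocations are real macOS commands; the sample output embedded in the script is constructed (modelled on codesign’s output format, with the “Addy Symonds” subject from the report and a placeholder team ID), and the exact subject string on genuine Adobe installers is an assumption you should confirm against a copy downloaded from adobe.com.

```shell
#!/bin/sh
# Added example (not from the article or Malwarebytes): inspect who actually signed a
# macOS app bundle instead of trusting "it is signed, so Gatekeeper allowed it".
#
# On macOS, `codesign -dvvv <bundle>` prints the certificate chain as "Authority=" lines;
# the first one is the leaf, i.e. the developer's own certificate.

# Constructed sample of codesign output for the fake installer. The "Addy Symonds"
# subject comes from the Malwarebytes report; the path, identifier, sizes and the
# team ID "TEAMIDXXXX" are placeholders for illustration only.
SAMPLE_CODESIGN_OUTPUT='Executable=/Users/me/Downloads/Install Adobe Flash Player.app/Contents/MacOS/Install Adobe Flash Player
Identifier=com.example.flashinstaller
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=312 flags=0x0(none) hashes=5+3 location=embedded
Signature size=8920
Authority=Developer ID Application: Addy Symonds (TEAMIDXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

# Leaf signer: the first "Authority=" line, with the prefix stripped.
signer_of() {
    printf '%s\n' "$1" | sed -n 's/^Authority=//p' | head -n 1
}

# Returns 0 when the leaf signer starts with the subject we expect, 1 otherwise.
# $1 = expected subject prefix, $2 = codesign output
verify_signer() {
    expected="$1"
    leaf=$(signer_of "$2")
    case "$leaf" in
        "$expected"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live check for a real bundle (macOS only; not exercised here).
# ASSUMPTION: a genuine Adobe installer is signed "Developer ID Application: Adobe ...";
# confirm the exact subject against a copy from adobe.com before relying on it.
check_bundle() {
    bundle="$1"
    out=$(codesign -dvvv "$bundle" 2>&1) || { echo "unsigned or codesign failed: $bundle"; return 2; }
    if verify_signer "Developer ID Application: Adobe" "$out"; then
        echo "OK: $bundle is signed by the expected vendor"
        # Gatekeeper's own verdict, for comparison: spctl --assess --type execute -vv "$bundle"
        return 0
    fi
    echo "REFUSE: $bundle is signed by '$(signer_of "$out")', not Adobe"
    return 1
}

# Run the policy against the constructed sample.
if verify_signer "Developer ID Application: Adobe" "$SAMPLE_CODESIGN_OUTPUT"; then
    echo "would trust sample"
else
    echo "REFUSE: sample is signed by '$(signer_of "$SAMPLE_CODESIGN_OUTPUT")', not Adobe"
fi
```

Run `check_bundle "/path/to/Install Adobe Flash Player.app"` on a Mac to apply the same policy to a downloaded bundle. Note that this check complements revocation rather than replacing it: once Apple revokes a certificate, `codesign` and `spctl` will reject the bundle outright, but a fresh certificate under a different name would pass Gatekeeper again, and only a comparison of the signer against the vendor you expect catches that.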
Exposure is somewhat limited, because a victim has to download this fake Flash Player installer from an email rather than from Adobe’s website. If it does get onto a system, though, it can leave the user’s unencrypted files and passwords exposed.