The security researchers at Fox-IT have discovered a modified version of the previously known Snake malware. This version is specifically designed to target macOS.
According to Fox-IT, Snake could be tied to Russian hackers and is highly targeted at government and military institutions and large companies. It has been around on Windows for years, and a version was ported to Linux in 2014. Now the malware can infect macOS machines using essentially the same framework, which Fox-IT describes as “significantly more sophisticated, its infrastructure more complex and targets more carefully selected.”
In the macOS-targeting version, the researchers found the Snake malware hidden in a ZIP file named adobe-flash-player; once the user opens the attachment, the malware is automatically installed on the victim’s machine. For now the attack cannot be blocked by Apple, since the malware appears to carry a signed developer certificate, presumably stolen by the hackers.
Fox-IT notified Apple about the compromised certificate, and it is likely that Apple’s security team will have revoked it within the Gatekeeper system. That means it will no longer pass through Gatekeeper as if it were a legitimate Mac App Store application, and it should be harder to spread among users who rely on Gatekeeper’s protections.
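The delivery described above, a ZIP attachment named after a Flash Player installer that actually carries a signed macOS application bundle, is the kind of thing a mail gateway or triage script can flag before Gatekeeper ever sees it. The following is an added example written for this article; it is not Fox-IT's code and not part of the Snake analysis. It parses a ZIP archive, finds any `*.app/Contents/MacOS/<executable>` entry, checks whether that executable starts with a Mach-O magic number (real values from Apple's loader headers), and combines that with the attachment name. The lure word list, the sample archives and the verdict labels are constructed assumptions for the demonstration.

```python
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass

# Mach-O magic numbers as they appear in the first four bytes on disk.
MACHO_MAGICS = {
    b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 (0xFEEDFACF, little-endian)
    b"\xce\xfa\xed\xfe",  # MH_MAGIC    (0xFEEDFACE, little-endian)
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC   (universal binary)
}

# Assumed lure vocabulary for installer-themed attachment names (constructed).
INSTALLER_LURES = ("adobe", "flash", "player", "install", "update")


@dataclass
class Finding:
    bundle: str        # path of the .app bundle inside the archive
    executable: str    # path of the Contents/MacOS entry
    is_macho: bool     # True if the entry starts with a Mach-O magic


def find_app_bundles(zip_bytes: bytes) -> list[Finding]:
    """Return one Finding per executable found under <name>.app/Contents/MacOS/."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.split("/")
            for i, part in enumerate(parts):
                # Match <Bundle>.app/Contents/MacOS/<executable> exactly.
                if (part.endswith(".app")
                        and parts[i + 1:i + 3] == ["Contents", "MacOS"]
                        and len(parts) == i + 4):
                    with zf.open(info) as fh:
                        head = fh.read(4)
                    findings.append(Finding(
                        bundle="/".join(parts[:i + 1]),
                        executable=info.filename,
                        is_macho=head in MACHO_MAGICS,
                    ))
                    break
    return findings


def triage_attachment(attachment_name: str, zip_bytes: bytes) -> str:
    """Return 'block', 'review' or 'allow' for a ZIP e-mail attachment.

    'block'  : an installer-themed archive name carrying a runnable app bundle
    'review' : an app bundle is present but the name is not an obvious lure
    'allow'  : no application bundle inside the archive at all
    """
    findings = find_app_bundles(zip_bytes)
    if not findings:
        return "allow"
    runnable = [f for f in findings if f.is_macho]
    name = attachment_name.lower()
    if runnable and any(word in name for word in INSTALLER_LURES):
        return "block"
    return "review"


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from a name -> content mapping (for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: a lure archive whose app bundle has a Mach-O executable.
LURE_ZIP = build_sample_zip({
    "Adobe Flash Player.app/Contents/Info.plist": b"<plist/>",
    "Adobe Flash Player.app/Contents/MacOS/Install Adobe Flash Player":
        b"\xcf\xfa\xed\xfe" + b"\x00" * 60,
})

# Constructed sample: a benign archive containing only a document.
DOC_ZIP = build_sample_zip({"report.pdf": b"%PDF-1.4\n"})


if __name__ == "__main__":
    for name, data in (("adobe-flash-player.zip", LURE_ZIP), ("docs.zip", DOC_ZIP)):
        print(name, "->", triage_attachment(name, data))
```

The signature check that Gatekeeper performs (and the revocation the article mentions) is not replicated here; the point of this gate is to catch the mismatch between the promised content (a Flash installer archive) and the actual content (an executable application bundle) regardless of whether the certificate is still trusted.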