A new piece of backdoor malware originally discovered on Windows has found a new home in macOS. Disguising itself as a legitimate Adobe Flash Player installer, the malware burrows into pre-existing macOS folders, making it harder to spot. Having used a valid developer’s certificate, the malware was set to run free on macOS even with Gatekeeper enabled.
These certificates were created to help validate applications with Gatekeeper, but lately have been used to spread malicious software. This is the second reported malware incident in the past week using a valid certificate.
The Snake malware, and the variants it derives from, has been around for nearly a decade now. Malwarebytes reports that Snake has been infecting Windows systems as far back as 2008, and a Linux variant was discovered in 2014. Fox-IT describes it as a “relatively complex malware framework”, citing a research paper from the Swiss government’s Computer Emergency Response Team.
Fox-IT makes it clear that attacks involving Snake are highly targeted.
Researchers who have previously analyzed compromises where Snake was used have attributed the attacks to Russia. Compared to other prolific attackers with alleged ties to Russia…Snake’s code is significantly more sophisticated, its infrastructure more complex and targets more carefully selected.
Today’s macOS variant isn’t one you’ll randomly receive, but the manner in which it hides itself is important.
Snake’s Adobe Flash malware
On macOS, Snake is distributed through a .zip file titled Adobe Flash Player.app.zip. This file contains a legitimate, but backdoored, version of Adobe’s Flash Player. The application contained within the .zip file initially appears legitimate because of its valid signed certificate issued through Apple. Upon closer inspection, the signature comes from a developer named Addy Symonds, and not the expected Adobe. Even the application’s bundle structure looks odd when compared to a normal one.
Most users wouldn’t think to check an application’s bundle before installing the app.
If a user had proceeded with the installation regardless, handily enough the malware would install a legitimate copy of Adobe Flash Player on the system. During this install, it would also add the backdoor malicious files to the macOS system folders and keep them persistent. By using Apple’s LaunchDaemon service, it could ensure that the backdoor would quickly relaunch if ever closed.
How to check if you’re infected with Snake’s backdoor malware
The Snake malware version currently out in the wild contains debug code and its certificate was signed in February of this year. This leads Fox-IT to believe it may not have even been operational yet, but would soon be used on targets.
Luckily, if anyone does have the Adobe Flash Player.app.zip file on their system, macOS’ Gatekeeper will no longer show the developer certificate as valid. Apple has revoked that developer’s certificate to help subdue further damage.
To easily check if a system has been infected by the Snake backdoor malware, run a scan with Malwarebytes for Mac. The free software will detect Snake as OSX.Snake and remove it.
If you’d like to manually check for infection, the backdoor malware installs the following components:
- /Library/Scripts/queue
- /Library/Scripts/installdp
- /Library/Scripts/installd.sh
- /Library/LaunchDaemons/com.adobe.update.plist
- /var/tmp/.ur-*
- /tmp/.gdm-socket
- /tmp/.gdm-selinux
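The manual check above, written as a script. This is an added example, not code from Malwarebytes or Fox-IT: it tests for each listed path under a chosen root, so it works on the running system as well as on a mounted disk image or backup volume. The function name `scan_snake_artifacts` and its ROOT argument are this example's own.

```shell
#!/bin/sh
# Added example: check a live system or a mounted volume for the Snake
# artifacts listed above. Paths are copied from the article's list.

# scan_snake_artifacts [ROOT]
#   ROOT is "/" for the running system (default) or a mount point such as a
#   disk image or backup volume. Prints each artifact found, one per line.
#   Exit status: 0 = nothing found, 1 = at least one artifact present.
scan_snake_artifacts() {
    root=${1:-/}
    root=${root%/}              # "/" becomes "", "/Volumes/X/" loses the slash
    found=0
    for pattern in \
        '/Library/Scripts/queue' \
        '/Library/Scripts/installdp' \
        '/Library/Scripts/installd.sh' \
        '/Library/LaunchDaemons/com.adobe.update.plist' \
        '/var/tmp/.ur-*' \
        '/tmp/.gdm-socket' \
        '/tmp/.gdm-selinux'
    do
        # $pattern is left unquoted on purpose so the .ur-* glob expands;
        # "$root" stays quoted so a mount point containing spaces survives.
        for candidate in "$root"$pattern; do
            # -e misses dangling symlinks, so test -L as well. An unmatched
            # glob is left as a literal string and fails both tests.
            if [ -e "$candidate" ] || [ -L "$candidate" ]; then
                printf '%s\n' "$candidate"
                found=1
            fi
        done
    done
    return "$found"
}

# Scan the root given as the first argument, or the running system.
if hits=$(scan_snake_artifacts "${1:-/}"); then
    echo "No Snake artifacts found."
else
    echo "Possible Snake infection, artifacts present:"
    echo "$hits"
fi
```

A clean result only means these specific paths are absent; it says nothing about other variants.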
Malwarebytes recommends changing passwords and contacting your business IT department if you were infected. The former is to secure yourself and online accounts, and the latter to mitigate any potential company damage.
Attacks like these are easily spread through spear phishing emails, so be vigilant in your online behaviors.
Images Credit: Malwarebytes