According to a security website, Malwarebytes reported that the updated code allows the Snake worm to disguise itself as an Adobe Flash installer, packaged in a ZIP archive called “Install Adobe Flash Player.app.zip”. When the contents of the ZIP file are run, the installer’s signature names “Addy Symonds” instead of Adobe. Gatekeeper, the security technology built into Mac computers, ensures that users install applications that carry a developer signature and blocks some external malware. Apple has revoked the certificate used for this disguise.
If Gatekeeper on the system is set to allow installation of unsigned apps, the victim is asked to enter the administrator password, just as with a real Adobe Flash installer; the worm’s installer is designed to look similar to the real Flash installer.
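Because the fake installer looks like the real one, the signer recorded in the code signature is what tells them apart. The following is an added example, not code from the original article or from Malwarebytes: it parses the text printed by `codesign -dvv` and compares the signer with the vendor's team identifier. The sample outputs, paths and team identifiers are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed `codesign -dvv` output; team identifiers are placeholders.
SAMPLE_FAKE = """\
Executable=/Volumes/x/Install Adobe Flash Player.app/Contents/MacOS/Installer
Identifier=com.example.installer
Authority=Developer ID Application: Addy Symonds (XXXXXXXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=XXXXXXXXXX
"""
SAMPLE_GENUINE = """\
Identifier=com.example.vendor.installer
Authority=Developer ID Application: Adobe Systems, Inc. (YYYYYYYYYY)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=YYYYYYYYYY
"""
SAMPLE_UNSIGNED = "Install Adobe Flash Player.app: code object is not signed at all\n"

# Leaf certificate line of a Developer ID signature: "<name> (<team id>)".
LEAF_RE = re.compile(r"^Developer ID Application: (?P<name>.+) \((?P<team>[A-Z0-9]{10})\)$")

def parse_signature(text):
    """Return signer details from codesign output, or None if unsigned."""
    chain = [line.split("=", 1)[1].strip()
             for line in text.splitlines() if line.startswith("Authority=")]
    if not chain:
        return None
    leaf = LEAF_RE.match(chain[0])
    return {
        "signer": leaf.group("name") if leaf else chain[0],
        "team": leaf.group("team") if leaf else None,
        "apple_rooted": chain[-1] == "Apple Root CA",
    }

def assess(text, expected_team):
    """Compare the signer with the team identifier the vendor is known to use."""
    sig = parse_signature(text)
    if sig is None:
        return ("unsigned", None)
    if sig["team"] is None or not sig["apple_rooted"]:
        return ("untrusted-chain", sig["signer"])
    if sig["team"] != expected_team:
        return ("signer-mismatch", sig["signer"])
    return ("ok", sig["signer"])
```

A matching team identifier is not proof of validity; this only compares the displayed signer with the vendor the application claims to come from.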
After the user installs the malware, the attacker is able to open a backdoor on the system and spy on user passwords and unencrypted files.
Mac devices are less likely to be infected, not only because of Gatekeeper but also because the malicious file takes effect only when it is intentionally downloaded and run, such as when it is delivered as an e-mail attachment.
Just last week, another piece of developer-signed malware, called “Dok”, began to spread on the Mac. The malicious code is spread by e-mail and is hidden in a fake OS X update. Once the user acts on it, the Dok malware gains administrative privileges on the computer and installs a new root certificate, and then intercepts all of the victim’s network traffic, including SSL-encrypted traffic.