Snake

Also known as Turla or Uroboros.

They sound delicious, I think … but no, this is a piece of malware that has long targeted Windows users, and has now reportedly been updated to go after the Mac market.

The updated code comes disguised as an Adobe Flash Player installer, wrapped inside a ZIP file labelled “Install Adobe Flash Player.app.zip”. A giveaway to its origins is that the installer is signed with a developer certificate in the name of an “Addy Symonds” instead of Adobe. This initially tricked macOS’s Gatekeeper feature, but Apple has already revoked the bad certificate.
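The signer mismatch described above is something you can check yourself before opening a downloaded installer. The following is an added example, not part of the original post: it reads the report that macOS's `codesign -dvv` prints and compares the leaf signer with the vendor you expect. The function names, the sample path, the bundle identifier and the Team ID are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: compare an app's signing identity with the vendor you expect.
# On macOS, `codesign -dvv <app>` prints "Authority=" lines (to stderr); the
# first one is the leaf certificate, i.e. the developer who signed the bundle.

# Print the leaf signer from `codesign -dvv` output supplied on stdin.
leaf_signer() {
    sed -n 's/^Authority=//p' | head -n 1
}

# check_signer EXPECTED  (codesign output on stdin)
# Returns 0 if the leaf signer contains EXPECTED, 1 on a different signer,
# 2 if no signer is present. Passing the vendor's Team ID as EXPECTED is
# stricter than passing a display name.
check_signer() {
    expected=$1
    signer=$(leaf_signer)
    if [ -z "$signer" ]; then
        echo "UNSIGNED: no Authority line found"
        return 2
    fi
    case $signer in
        *"$expected"*) echo "OK: signed by $signer"; return 0 ;;
        *) echo "MISMATCH: expected '$expected', got '$signer'"; return 1 ;;
    esac
}

# Constructed sample output (path, identifier and Team ID are placeholders),
# shaped like what codesign reports for a bundle signed by an individual developer.
SAMPLE_OUTPUT='Executable=/tmp/sample/Install Adobe Flash Player.app/Contents/MacOS/Install
Identifier=com.example.installer
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Addy Symonds (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000'

# Demo on the sample; prints the MISMATCH line.
printf '%s\n' "$SAMPLE_OUTPUT" | check_signer "Adobe" || true

# Real use on a Mac (2>&1 because codesign writes this report to stderr):
#   codesign -dvv "/path/to/Some.app" 2>&1 | check_signer "Adobe"
```

A valid signature only says who signed the bundle, so the comparison against the expected vendor is the part that matters here.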

If Gatekeeper is set to allow unsigned apps, victims should then be asked to enter their administrator password, as with Adobe’s real Flash installer. The look of the installer also mimics the real software and, in fact, a working version of Flash is ready at the end. Similar malware typically runs a completely fake Flash installation or has to launch the legitimate one afterwards.

People who fall prey open up a backdoor to their system, which can expose passwords and unencrypted files.

Infection is unlikely, not just because of Gatekeeper, but because the file must be intentionally downloaded and run, for instance when delivered as an email attachment.

Of course, if you have seen the light, and don’t now use Adobe Flash, then you won’t even be tempted to try to install this.