Security News

Apple Updates XProtect Malware Definitions for Trojan OSX/Snake.A

Posted on April 25th, 2018 by

Nearly one year after the discovery of a macOS Trojan, identified as OSX/Snake, Apple has issued an update to its XProtect malware definitions to provide rudimentary protection against this Mac threat.

This update brings Apple’s Malware Removal Tool ( to version 1.32, and detects the macOS Snake variant as OSX.4e36ae6. Apple also added detection for a piece of malware it identifies as OSX.127eaa6.

OSX.4e36ae6 = OSX/Snake.A

In early May 2017, security researchers discovered that malware known by the names Snake, Turla, and Uroburos was ported from Windows to Mac. The Mac version of the malware was found inside a compromised Abode Flash Player installer or embedded in compromised torrent files posing as legitimate software. This offers a fresh reminder that you should steer clear of BitTorrent as these sites are a malware cesspool.

RELATED: How to Tell if Adobe Flash Player Update is Valid

It’s important to note that Apple’s XProtect system provides only basic protection against certain Mac threats. It does not offer real-time scanning, nor does it protect against Windows malware or phishing attacks, and it lacks the layered protection that full-featured Mac antivirus software can provide.

While security updates from Apple are always welcome, it’s clear that Apple does not protect against every known threat and often doesn’t release updates in the most timely manner. One year before Apple’s MRT app received updates to protect against OSX.4e36ae6 malware, Intego already began detecting this threat as OSX/Snake.