Earlier this year, researchers from security firm Malwarebytes discovered a piece of Mac malware called Fruitfly that reportedly spied on computers in medical research centers for years before being detected. Apple has since updated macOS to automatically detect the malware, safeguarding users.

macbook air
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.

The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.

Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.

Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.

After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.

Wardle will provide a briefing about his custom command-and-control server tactics on Wednesday at the Black Hat security conference in Las Vegas.

Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.

One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.

Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.

Tag: malware

Top Rated Comments

Altis Avatar
55 months ago
Keep operating systems up to date. Exploitation of un-patched vulnerabilties by non-governments is exceedingly rare.

If you don't do security updates as they become available you almost deserve what you get.
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
Score: 7 Votes (Like | Disagree)
throAU Avatar
55 months ago
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
I get it, but it comes down to this:

Adapt or switch platforms if the user experience changes bother you that much.

No developer is going to support a massive number of platforms with security updates concurrently. They just can't afford to patch old platforms forever. Because every platform means a seperate codebase to maintain and backport/re-develop updates for, beta test, etc.

Apple right now supports 3 (? more?) OS revisions typically (i.e., they do split feature updates and security updates to that degree already), if you haven't dealt with the "user experience" changes after 2-3 new OS revisions, you should be jumping ship to another platform. Just not patching and becoming insecure isn't really a sensible choice.

I'm guessing the big cries from some still go back to the changes made in Lion. It is well beyond time to get over it.

But you'll get the same thing wherever you jump. MS won't support old operating systems forever, and neither will any Linux distribution. No one will.

Adapt, or deal with being insecure.
Score: 3 Votes (Like | Disagree)
throAU Avatar
55 months ago
Keep operating systems up to date. Exploitation of un-patched vulnerabilties by non-governments is exceedingly rare.

If you don't do security updates as they become available you almost deserve what you get.
Score: 3 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
55 months ago
People aren't aware of this? Been around for years.
Score: 2 Votes (Like | Disagree)
convergent Avatar
55 months ago
I wonder how many windows pcs are infected right now?
I would place my guess at zero Windows PCs infected with malware targeting Mac webcams, but I could be wrong. :rolleyes:
Score: 1 Votes (Like | Disagree)
charlituna Avatar
55 months ago
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
with Mac OS they often are
Score: 1 Votes (Like | Disagree)

Related Stories

studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
gradiente iphone white

Brazilian Electronics Company Revives Long-Running iPhone Trademark Dispute

Tuesday May 19, 2020 1:06 pm PDT by
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000. IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...
YouTube Picture in Picture Feature

YouTube Premium Subscribers Can Now Use iOS Picture-in-Picture: Here's How

Wednesday August 25, 2021 3:55 am PDT by
Google has rolled out picture-in-picture support as an "experimental" feature for YouTube premium subscribers, allowing them to watch video in a small window when the app is closed. If you're a premium YouTube subscriber looking to try out picture-in-picture, follow these steps: Launch a web browser and sign into your YouTube account at YouTube.com. Navigate to www.youtube.com/new. Scroll...
apple privacy

Apple Publishes FAQ to Address Concerns About CSAM Detection and Messages Scanning

Monday August 9, 2021 1:50 am PDT by
Apple has published a FAQ titled "Expanded Protections for Children" which aims to allay users' privacy concerns about the new CSAM detection in iCloud Photos and communication safety for Messages features that the company announced last week. "Since we announced these features, many stakeholders including privacy organizations and child safety organizations have expressed their support of...
apple screen time screen icons

Persistent Kids Finding Loopholes in Apple's Screen Time Limits

Tuesday October 15, 2019 9:44 am PDT by
Apple is currently engaged in a cat-and-mouse game with persistent kids looking to circumvent Screen Time restrictions, but the company has been receiving some criticism for not moving quickly enough to lock down some of the loopholes, reports The Washington Post. A few of the loopholes and ways for parents to shut them down are documented on the site Protect Young Eyes, while these and...
2012macpro

Apple Outlines Metal-Capable Cards Compatible With macOS Mojave on 2010 and 2012 Mac Pro Models

Monday September 24, 2018 3:26 pm PDT by
Apple's new macOS Mojave update is not compatible with mid-2010 and mid-2012 Mac Pros with stock GPUs, but it is supported on 2010 and 2012 Mac Pro models that have been upgraded with graphics cards that support Metal. Apple today shared a new support document that provides a list of graphics cards that are Metal-capable, which will be useful for 2010 and 2012 Mac Pro owners who want to...
bluetti eb70 main

MacRumors Giveaway: Win a Bluetti EB70 Portable Power Station and 200W Solar Panel

Friday September 3, 2021 11:13 am PDT by
For this week's giveaway, we've teamed up with MAXOAK to offer MacRumors readers a chance to win a Bluetti portable power station and an accompanying solar panel. Bluetti makes a range of portable power station options that are useful for camping, emergencies, power outages, off-grid living, and similar situations. The Bluetti EB70 is a solid middle of the road option that offers 716Wh and...
anker lightning cable mfi

Unwrap a New Apple Device? Stock Up on Extra Certified Lightning Cables for as Little as $6

Monday December 25, 2017 5:45 am PST by
If you unwrapped an Apple product today it likely came with one of the company's first-party Lightning cables, but having an extra on hand is always a good idea, so you can place it in other rooms in your house, in your car, or in a bag when you travel. For that reason, now's a good time to shop for third-party Lightning cables that are cheaper than Apple's own accessory, but still Made For...
ipad pro 10 5

Apple Discontinues 10.5-Inch iPad Pro Following Launch of Lower-Priced 10.5-Inch iPad Air

Monday March 18, 2019 6:09 am PDT by
Apple has stopped selling the second-generation 10.5-inch iPad Pro, originally released in June 2017, after launching a new 10.5-inch iPad Air today. The 10.5-inch iPad Pro had remained available from $649 following the release of 11-inch and 12.9-inch iPad Pro models in October 2018, but it has been replaced by the 10.5-inch iPad Air with a cheaper starting price of $499. The new iPad...