Earlier this year, researchers from security firm Malwarebytes discovered a piece of Mac malware called Fruitfly that reportedly spied on computers in medical research centers for years before being detected. Apple has since updated macOS to automatically detect the malware, safeguarding users.
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.
The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.
Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.
Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.
Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.
One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.
Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.
The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.
Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.
Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.
After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.Wardle will provide a briefing about his custom command-and-control server tactics on Wednesday at the Black Hat security conference in Las Vegas.
Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.
One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.
Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.
Tag: malware
24 comments
Apple this week began stocking a new 4K 23.7-inch LG UltraFine Display, which replaces the original 21.5-inch 4K LG UltraFine Display that was pulled from retail stores and the online Apple Store...
Ahead of the 2019 Worldwide Developers Conference, which kicks off on Monday, June 3 with a keynote event, Apple has updated its official WWDC app for iOS devices.
There have been no design...
Apple today quietly released an updated version of macOS Mojave 10.14.5, which is designed for 15-inch MacBook Pro models that feature a T2 security chip, aka the 2018 and 2019 machines.
The new...
Apple today sent out media invites for the keynote event of its 30th annual Worldwide Developers Conference, which takes place at 10:00 a.m. Pacific Time at the McEnery Convention Center in San Jose,...
The UK's competition watchdog today announced that Apple has formally agreed to be "clearer and more upfront with iPhone users" about battery health and performance to ensure compliance...
The FTC today won its antitrust lawsuit against Qualcomm over the chipmaker's anticompetitive business practices.
As first reported by legal expert Florian Mueller on his blog FOSS...
Safari on iOS has a surprising number of hidden tricks, letting you manipulate tabs, conduct page-specific searches, and more, and not all of these features are immediately obvious due to the...
Cannes Lions today announced that Apple has been named the Creative Marketer of the Year, marking the first time the Cupertino company has won the award.
Apple was named the Creative Marketer of...
