Earlier this year, researchers from security firm Malwarebytes discovered a piece of Mac malware called Fruitfly that reportedly spied on computers in medical research centers for years before being detected. Apple has since updated macOS to automatically detect the malware, safeguarding users.
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.
The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.
Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.
Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.
Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.
One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.
Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.
The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.
Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.
Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.
After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.Wardle will provide a briefing about his custom command-and-control server tactics on Wednesday at the Black Hat security conference in Las Vegas.
Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.
One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.
Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.
Tag: malware
24 comments
The United States Justice Department is launching a broad antitrust review into whether major technology companies are unlawfully stifling competition, reports The Wall Street Journal.
The DoJ...
Apple this week released iOS 12.4, the newest version of iOS 12 available for iPhones and iPads. One of the new features in iOS 12.4 is an updated data migration option that uses device to device...
Apple's mobile apps are often first in App Store search results ahead of competitors, according to a new analysis done by The Wall Street Journal.
For basic searches like "maps,"...
Apple plans to release an all-new 16-inch MacBook Pro in October, according to supply chain sources cited by Taiwan's Economic Daily News.
The report claims the 16-inch display will be a...
Apple is widely expected to unveil a trio of new iPhones in September, and 9to5Mac has revealed a few new features we can expect.
First, the report claims all three models will feature a...
Apple earlier this month introduced a surprise update to its MacBook Pro line, overhauling the entry-level 13-inch machine to bring it in line with more expensive models that were updated back in...
Apple is now in advanced talks to purchase Intel's smartphone modem chip business, reports The Wall Street Journal, citing people familiar with Apple's plans.
A deal that covers a...
Apple's iPhone XR was the best selling iPhone in the third fiscal quarter of 2019, according to new data shared today by Consumer Intelligence Research Partners (CIRP).
The iPhone XS, iPhone...
