Security News “Perverse” malware infecting hundreds of Macs remained undetected for years

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade.
Click to expand...

Patrick Wardle, a researcher with security firm Synack, said the malware is a variant of a malicious program that came to light in January after circulating for at least two years. Dubbed Fruitfly by some, both malware samples capture screenshots, keystrokes, webcam images, and information about each infected Mac. Both generations of Fruitfly also collect information about devices connected to the same network. After researchers from security firm Malwarebytes discovered the earlier Fruitfly variant infecting four Macs, Apple updated macOS to automatically detect the malware.
Click to expand...

The variant found by Wardle, by contrast, has infected a much larger number of Macs while remaining undetected by both macOS and commercial antivirus products. After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.
Click to expand...

Why?
Besides the means of infection being unknown, the exact purpose of the malware is also unclear. Wardle said he found no evidence the malware can be used to install ransomware or collect banking credentials. That largely removes the possibility that Fruitfly developers were motivated by financial profit. At the same time, the concentration of home users largely rules out chances the malware was designed by state-sponsored hackers to spy on targets.
Click to expand...


One of the interesting aspects of the latest Fruitfly variant is that it flew under the radar for so long. The malware relies on functions that were retired long ago and uses a crude method to remain installed once a Mac is infected. Compared to newer, more sophisticated malware, Fruitfly is much easier to detect. And yet, for whatever reason, no one caught it until recently.
Click to expand...
 
  • Like
Reactions: tryfon and brambedkar59
You must log in or register to reply here.

Similar threads

Ink
    • Like
    • +Reputation
Exploit shared at Defcon; Mac malware can easily bypass Apple’s 3-Layer Defence and Background Task Manager
Replies
0
Views
1,108
News Archive
Ink
Ink
CyberTech
    • +Reputation
    • Like
Malware News PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS
Replies
0
Views
1,058
Security News
CyberTech
CyberTech
vtqhtr413
    • Like
    • +Reputation
Security News TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
Replies
4
Views
935
Security News
Jonny Quest
Jonny Quest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top