The stronger OS X (now macOS) security model and lower market share used to mean it was of no interest to malware creators. It’s still not exactly a major target, but running a Mac without antivirus protection is getting increasingly risky. Case in point: A new piece of malware has been discovered, but it’s not technically all that new. The “Fruitfly” malware is believed to have been circulating since late 2014, and it can spy on everything you do on the computer.

Security firm Malwarebytes only heard about the malware recently from an IT administrator who discovered unusual internet traffic from one of the machines under his care. The investigation by Malwarebytes revealed this is some pretty serious malware.

According to Malwarebytes, when Fruitfly is deployed on a system, it begins taking screenshots of the user’s activities. It’s also able to covertly activate the webcam to get a look at what’s happening near the computer. Researchers who have looked into the malware report that it may even have the ability to take over control of the system.

Interestingly, Fruitfly has some components that are clearly Linux-based and pre-date OS X. For example, it uses libjpeg, a library last updated in 1998, to create JPEG files. The system calls it uses are similarly antique. With some tweaking, Malwarebytes was able to get it running on a Linux system. Researchers believe it may be derived from a previously unidentified piece of Linux malware. It’s possible that the use of old code and archaic system calls is a method of evading detection. It has even been patched with specific fixes for OS X Yosemite, indicating it has been around since at least 2014.

Fruitfly has been added to the Malwarebytes database, but only a few other security firms have updated their Mac clients with the signature. So far, Kaspersky, McAfee, Sophos, and Symantec have added support for detecting and removing Fruitfly. It is believed the prevalence of this malware is quite low, and no one knows for sure how it is being spread. That could indicate a very focused attack, and there’s some evidence to indicate that it’s being targeted at biomedical companies in particular. It may be custom designed to steal trade secrets.

Malwarebytes has provided Apple with the details of Fruitfly, but there’s been no public statement from Cupertino yet. Apple has, however, created an update to macOS that blocks Fruitfly. If you are running a completely updated version of macOS, you should be protected from this threat soon. You probably aren’t in danger from Fruitfly, but it’s just another reminder that the internet is a dangerous place, no matter what operating system you use.

Source: extremetech