Fruitfly malware, you will need a lot more insecticide
Mac OS users think that their computers are immune to
things like viruses or malware attacks and are somehow inherently
protected. It is true that a Mac OS user is less likely to be
infected with malware than a Windows user, but Macs are not
malware-proof. Hackers may be more inclined to attack Microsoft’s operating
system and look for code vulnerabilities, as more people use Windows devices
than Macs. But Apple’s desktop operating system still gets its fair share of
malware.
A new threat that affected only a few hundred machines
was recently discovered and patched. This particular malware has a few scary
features built in, though, including the ability to operate the webcam on a
target’s computer and record everything the user types.
The Mac malware is called Fruitfly. It can
remotely take full control of webcams, screens, mice, and keyboards, and install
other malicious software. Fruitfly runs silently in the background, spies on
users through the computer’s camera, captures images of what’s displayed on the
screen and logs keystrokes.
Anti-malware provider Malwarebytes made the discovery
earlier this month, but the malware may have been in the wild since October 14th.
A mysterious piece of malware that gives attackers
surreptitious control over webcams, keyboards, and other sensitive resources
has been infecting Macs for at least five years. The infections, known to number
nearly 400 and possibly much higher, remained undetected until recently and may
have been active for almost a decade.
Besides the means of infection being unknown, the exact
purpose of the malware is also unclear. There is no evidence that the malware
can be used to install ransomware or collect banking credentials. That largely
removes the possibility that Fruitfly developers were motivated by financial
profit. At the same time, the concentration of home users largely rules out
the chance that the malware was designed by state-sponsored hackers to spy on targets.
Fruitfly apparently uses code functions predating the
first release of OS X in 2001. What’s interesting about the malware is that
it’s not as widespread as one would assume, in spite of its advanced features.
It appears that Fruitfly was being used in targeted attacks, which would indicate
that hackers were looking to spy on specific people.
There have been a number of stories over the past few
years about Chinese and Russian hackers targeting and stealing US and European
scientific research. Although there is no evidence at this
point linking this malware to a specific group, the fact that it’s been seen
specifically at biomedical research institutions certainly seems like it could
be the result of exactly that kind of espionage.
A lot of Mac users
are overconfident in the security of their Mac. The discovery is a
reminder to everyday users that there may be people out there trying to
hack their computers.
What’s even more puzzling is that the Mac malware can
also run on Linux devices. In spite of its scary capabilities, Fruitfly isn’t a
sophisticated piece of software and it can be easily detected as an anomalous
process running on Macs. If your device is infected, updating macOS to the
latest version should fix the problem.