
Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac Computers

Yes, even Macs can get viruses that silently spy on their users. So, if you own a Mac and think you are immune to malware, you are wrong.

An odd piece of malware that can remotely take control of webcams, screen, mouse and keyboard, and install additional malicious software, has been infecting hundreds of Mac computers for more than 5 years—and it was detected only a few months back.

Dubbed FruitFly, the Mac malware was initially detected earlier this year by Malwarebytes researcher Thomas Reed, and Apple quickly released security patches to address the dangerous malware.

Now, months later, Patrick Wardle, an ex-NSA hacker and now chief security researcher at security firm Synack, discovered around 400 Mac computers infected with the newer strain of the FruitFly malware (FruitFly 2) in the wild.

Wardle believes the number of Macs infected with FruitFly 2 is likely much higher, as he only had access to some of the servers used to control FruitFly.

Although it is unknown who is behind FruitFly or how the malware gets into Mac computers, the researchers believe the nasty malware has been active for around 10 years, as some of its code dates back as far as 1998.
"FruitFly, the first OS X/macOS malware of 2017, is a rather intriguing specimen. Selectively targeting biomedical research institutions, it is thought to have flown under the radar for many years," Wardle wrote in the abstract of his talk, which he is going to present at Black Hat later this week.
Since the initial infection vector for FruitFly is unclear, FruitFly, like most malware, could likely infect Macs either through an infected website delivering the infection, via phishing emails, or via a booby-trapped application.

FruitFly is surveillance malware that is capable of executing shell commands, moving and clicking the mouse cursor, capturing the webcam, killing processes, grabbing the system's uptime, retrieving screen captures, and even alerting the hacker when victims are again active on their Mac.
"The only reason I can think of that this malware has not been spotted before now is that it is being used in very tightly targeted attacks, limiting its exposure," Reed wrote in the January blog post.
"Although there is no evidence at this point linking this malware to a specific group, the fact that it has been seen specifically at biomedical research institutions certainly seems like it could be the result of exactly that kind of espionage."
Wardle was able to uncover FruitFly victims after registering a backup command and control (C&C) server that was once used by the attacker. He then noticed around 400 Mac users infected with FruitFly connecting to that server.

From there, the researcher was also able to see the IP addresses of FruitFly-infected victims, indicating that 90 percent of victims were located in the United States.

Wardle was even able to see the names of victims' Macs as well, making it "really easy to pretty accurately say who is getting infected," he told Forbes.
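The sinkhole telemetry described above (infected hosts connecting to a re-registered backup C&C, counted and mapped by IP, with reported hostnames exposing who is infected) can be worked through on constructed data. This is an added example, not code from the article or from Wardle's own tooling; the check-in records, the IP-to-country table and the hashing salt are all assumptions, and the point it adds is that hostnames in such telemetry identify people and should be redacted before the data is reported or shared.

```python
import hashlib
import ipaddress
from collections import Counter

# Constructed sinkhole check-in records (not real FruitFly telemetry):
# (source IP, hostname reported by the infected Mac). IPs are taken from
# RFC 5737 documentation ranges; hostnames are made up.
CHECKINS = [
    ("192.0.2.10", "alice-macbook-pro"),
    ("192.0.2.10", "alice-macbook-pro"),   # same victim reconnecting
    ("192.0.2.11", "lab-imac-03"),
    ("198.51.100.7", "bob-mbp"),
    ("203.0.113.5", "rennes-lab-mac"),
    ("192.0.2.12", "seq-core-mac-mini"),
]

# Hypothetical IP-to-country table standing in for a GeoIP database.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "FR",
}


def country_for(ip: str) -> str:
    """Map a source IP to a country code using the (assumed) GEO table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in net:
            return cc
    return "??"


def redact_hostname(name: str, salt: bytes = b"sinkhole-salt") -> str:
    """Victim hostnames identify people; keep only a keyed hash for dedup/reporting."""
    return hashlib.sha256(salt + name.encode()).hexdigest()[:12]


def summarize(checkins):
    """Deduplicate check-ins per victim IP and report the country distribution."""
    victims = {}  # ip -> redacted hostname (raw names never leave this function)
    for ip, host in checkins:
        victims.setdefault(ip, redact_hostname(host))
    by_country = Counter(country_for(ip) for ip in victims)
    total = len(victims)
    return {
        "unique_victims": total,
        "checkins": len(checkins),
        "country_pct": {cc: round(100 * n / total) for cc, n in by_country.items()},
        "victims": victims,
    }


if __name__ == "__main__":
    print(summarize(CHECKINS))
```

Repeated check-ins from one host collapse to a single victim, which is why a raw connection count overstates the infected population.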

But rather than taking over those computers or spying on the victims, Wardle contacted law enforcement and handed over what he found to law enforcement agents, who are now investigating the matter.

Wardle believes surveillance was the primary purpose of FruitFly, though it is still unclear whether a government or other hacker groups are behind it.
"This did not look like cyber crime type behaviour; there were no ads, no keyloggers, or ransomware," Wardle said. "Its features had looked like they were actions that would support interactivity—it had the ability to alert the attacker when users were active on the computer, it could simulate mouse clicks and keyboard events."
Since FruitFly's code even includes Linux shell commands, the malware would work just fine on a Linux operating system. So, it would not come as a surprise if a Linux variant of FruitFly were in operation.