Mac ‘Fruitfly’ Malware Still Causing Stir
Anything that has to do with Apple Mac is sure to generate lots of interest and curiosity. So when the news broke out about a Mac malware outbreak, people just wanted to know more about it.
The Mac malware, named Fruitfly, was discovered around six months back in January, and it is still causing a stir. This highly invasive malware went undetected for years. It creates a “backdoor” and takes complete control of the system remotely—including the keyboard, mouse, screen, webcam, and files.
A security patch for Fruitfly was released by Apple earlier this year, but now a new variant of the malware has been found on hundreds of Mac computers. Security analysts have revealed that this malware uses an obfuscated perl script with antiquated code. Interestingly, the code still works well in modern Mac computers. The malware has the capability to connect with the control server with a command, and the actor can remotely take complete control of the victim’s Mac computer.
Law enforcement agents are trying to find if the return of the Malware is only intended for targeted surveillance, or if there is some government-related operandi. Patrick Wardle, an ex-NSA analyst says “I likely only saw a limited percentage of the total number of victims.”
He was able to uncover FruitFly victims after registering one of the domains the attackers had planned to use as a back up when the primary servers were offline. For whatever reason, the hackers didn’t own the domain.
According to Wardle he could see the IP address of the victim, and most of it was in the United States. He could also name the victim, and see who future victims would be. “Most appeared to be individuals, though there were some at colleges too,” he said.
Wardle handed the details to the law enforcement as soon he saw active infections. Wardle will be present at the Black Hat Conference this week with more details.
FruitFly has been seen before too. It was first detected earlier this year, while apparently targeting biomedical research centers. “The only reason I can think of that this malware hasn’t been spotted before now is that it is being used in very tightly targeted attacks, limiting its exposure,” wrote researcher Thomas Reed in January. “Although there is no evidence at this point linking this malware to a specific group, the fact that it’s been seen specifically at biomedical research institutions certainly seems like it could be the result of exactly that kind of espionage.
Kevin Jones743 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.