A mysterious piece of malware known as FruitFly has been infecting Mac computers for at least five years, undercutting the common belief that Apple's products are largely immune to such security problems.
While FruitFly is not as widespread as the CopyCat malware that infected 14 million Android devices, the Petya ransomware that evoked memories of WannaCry, or the Xavier malware detected in more than 800 Google Play Store apps, it is still a very serious security issue for Apple and for users of its Mac computers.
What Is The FruitFly Malware?
FruitFly was actually first discovered back in January by Malwarebytes. The cybersecurity firm noted that there were indications it had been circulating undetected for a long time, and that it was probably only spotted so late because it had been used in a small number of tightly targeted attacks.
Synack chief security researcher Patrick Wardle has now provided more details on the mysterious malware, telling Mashable the results of his investigations into FruitFly.
After standing up a server of his own that the malware would connect to, Wardle received a list of the IP addresses and computer names of the Macs it had infected. For most Macs, the computer name includes the owner's name, so that list amounted to a list of victims.
Wardle then found that FruitFly let him remotely switch on the webcam and microphone of an infected Mac. He could also take control of its mouse, modify its files, and receive a notification whenever the owner was actively using the machine.
"Usually you see that in government or nation-state software," the former NSA employee noted. However, the victims of FruitFly were not governments or officials, but rather regular users.
Perhaps the most disturbing of all is that FruitFly was not created to force victims into paying ransom amounts or to steal sensitive information. According to Wardle, FruitFly was created for surveillance purposes.
"[A] hacker built this to spy on users for probably perverse reasons," Wardle explained.
How Did FruitFly Evade Detection For Years?
FruitFly's primary command-and-control server had already been shut down, which is why Wardle had to create his own server to talk to the malware. Many of the compromised Macs, however, are still infected.
FruitFly calls system functions that were retired long ago and uses a crude mechanism to persist on a Mac once it is infected. Compared with newer and more advanced malware, it should actually be easier to detect, but Wardle said it continued to fly under the radar because of shortcomings in Mac security software.
Wardle noted that while Mac security tools are good at detecting known threats, they are poor at identifying new ones: detection is driven largely by signatures of samples that have already been seen, so until FruitFly was discovered and catalogued, nothing on the Mac knew what to look for.
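The point above is that a signature-only scanner cannot flag a sample it has never seen, whereas a behaviour-based check that simply lists what is configured to run at login catches unknown persistence too. The script below is an added illustration of that second approach; it is not code from the article, from Malwarebytes, from Patrick Wardle, or from Apple. It assumes (the article does not say this) that the persistence mechanism under review is a launchd property list in one of the standard LaunchAgents/LaunchDaemons directories, and it treats any job whose program lives outside the usual vendor paths or inside a hidden file or directory as worth a second look. The two plists it audits are constructed for the demo; the paths, labels and the `/Users/victim/.helper` program are hypothetical.

```python
"""
Behaviour-based audit of launchd persistence entries (added example).

Assumptions, not stated in the article: persistence is a launchd plist
in a LaunchAgents/LaunchDaemons directory, and "suspicious" means the
job's program is outside trusted vendor paths or has a hidden path
component.  Sample plists are constructed inline for the demo.
"""
import os
import plistlib
import tempfile

# Directories launchd reads on macOS (system-wide and per-user).
LAUNCHD_DIRS = (
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
)

# Program locations treated as expected; anything else is reported.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")


def program_of(plist):
    """Return the executable a launchd job runs, or None if the plist has none."""
    prog = plist.get("Program")
    if prog:
        return prog
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args:
        return args[0]
    return None


def is_suspicious(path):
    """Heuristic: program outside trusted prefixes, or any hidden path component."""
    if path is None:
        return False
    parts = path.split("/")
    hidden = any(p.startswith(".") and p not in (".", "..") for p in parts)
    untrusted = not path.startswith(TRUSTED_PREFIXES)
    return hidden or untrusted


def audit_dirs(dirs):
    """Return (plist_path, program, label) for every launchd job in the given dirs."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            full = os.path.join(d, name)
            try:
                with open(full, "rb") as fh:
                    data = plistlib.load(fh)
            except (plistlib.InvalidFileException, OSError, ValueError):
                findings.append((full, None, "unparseable"))
                continue
            prog = program_of(data)
            label = "suspicious" if is_suspicious(prog) else "expected"
            findings.append((full, prog, label))
    return findings


def demo():
    """Write two constructed plists to a temp LaunchAgents dir and audit them."""
    agents = os.path.join(tempfile.mkdtemp(), "LaunchAgents")
    os.makedirs(agents)
    samples = {
        # Ordinary vendor job: program under /Applications.
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
            "RunAtLoad": True,
        },
        # Hypothetical persistence entry launching a hidden file in a home dir.
        "com.example.hidden.plist": {
            "Label": "com.example.hidden",
            "ProgramArguments": ["/Users/victim/.helper"],
            "KeepAlive": True,
        },
    }
    for fname, body in samples.items():
        with open(os.path.join(agents, fname), "wb") as fh:
            plistlib.dump(body, fh)
    return audit_dirs([agents])


if __name__ == "__main__":
    # Run against the constructed directory; swap in LAUNCHD_DIRS on a real Mac.
    for path, prog, label in demo():
        print(f"{label:10} {prog}  ({path})")
```

On a real machine, call `audit_dirs(LAUNCHD_DIRS)` instead of `demo()`; the heuristic will produce false positives for legitimate third-party tools installed outside `/Applications`, which is exactly the trade-off behaviour-based checks make to catch samples no signature database has seen yet.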