Mac malware 'FruitFly' caught silently spying on computer users

Bruno Cirelli
July 25, 2017

The malware, called FruitFly, allows hackers to jump into webcams of affected computers and take screenshots.

Security firm Malwarebytes found the first variant of FruitFly in January, but a second version has recently emerged, affecting at least 400 computers, according to Patrick Wardle, chief security researcher at security firm Synack. Both Fruitfly generations also collect information about devices connected to the same network as the Mac.

But Wardle has discovered a variant in the wild.

Within two days of registering one of these addresses, almost 400 infected Macs were connected to the server, mostly from homes located in the United States.

"We still don't know how it gets installed," said Thomas Reed, Director of Mac Offerings at Malwarebytes, earlier this year. Although the method of spreading the virus is still unknown, Wardle suspects it involves the user clicking on a malicious link. It's unclear if the perplexing malware still poses a risk to potential victims, and InfoSec experts believe even more computers could have been impacted by Fruitfly.

Although Wardle does nothing more than observe the IP address and username of the Mac which is connected to the server, he has the ability to use the malware to spy on users who are not aware that they have the virus.

Through his command and control server, Wardle was able to uncover the capabilities of Fruitfly by making requests of the malware and seeing how it would respond, giving him unprecedented access to the malware. By infecting a lab computer and watching how it interacted with the backup server, the researcher was able to more easily understand how various commands worked.

One of the interesting aspects of the latest Fruitfly variant is that it flew under the radar for so long. A recent submission to the VirusTotal malware detection service shows that 19 of the top 56 AV- and endpoint-protection products now detect the malware.
