Skip to main content

Two Macs Malware Which Go By The Name FruitFly and FruitFly 2 Have Been Discovered



A distant malware, designed to infect Apple’s macOS, is leaving a bewildered look on the face of the security researchers. The first variant of the malware called FruitFly, aka the first Mac malware of 2017, was discovered earlier this year by the security firm Malwarebytes and
analyzed by Thomas Reed.
Back then, an IT admin at the firm had spotted some unusual outgoing traffic from a particular Mac. The “simplistic” malware consisted of only two files, carrying some “ancient” obfuscated Perl. Some of the code even dates back to 1998, before the existence of macOS. The malware could take screenshots, log keystrokes, spy through web cams, and it was known to have targeted some biomedical research centers as well. According to Malwarebytes, an update was released by Apple to take care of the same.
Fast forward a few months, another malware with similarities to FruitFly was detected by ex-NSA hacker Patrick Wardle who is now a security researcher at Synack. Known as FruitFly 2, it’s assumed that the malware is in existence for a decade or so, undetected by many antivirus software.
During the breakdown, Wardle found that FruitFly 2 could connect to a C&C server and send the data back to to the hackers, Motherboard reports. Backup servers were also present if some issues occur with the primary ones. More than 400 victims were discovered when Wardle infected his virtual machine after registering a domain that hackers planned to use as a backup.
FruitFly mac malware
List of detected IP addresses. (Credit: Patrick Wardle/Twitter)
He could see the IP addresses of the victims and even the names of the Mac computers. However, this number might increase as Wardle didn’t have access to all the C&C servers used to control the malware. Wardle contacted law enforcement and reported his findings. He has also talked about his findings at this year’s Black Hat conference.
Both Wardle and Reed are unaware of the origins of malware, who made it, and what is its purpose. In the case of the Wardle, around 90 percent of the FruitFly 2 victims are living in the US or Canada.
The possibility of the malware being baked by a federal body gets thinner as the malware isn’t sophisticated enough and it hasn’t targeted any high-profile individuals, writes Motherboard. FruitFly 2 isn’t a ransomware and it doesn’t log keystrokes. But, according to Wardle, both FruitFly malware might have been designed to perform surveillance.
FruitFly 2 is also written in Perl and allows the attacker to control the mouse and keyboard remotely. It even notifies the attacker when the victim starts using the mouse and keyboard.
Wardle said that malware seems to have been to target specific individuals, maybe normal Mac users or families, but the intentions are unclear. He calls the situation “worrisome.” He warns Mac users to be cautious while using their machines. “Just because they have a Mac, it doesn’t mean that they’re safe.”

Comments

WHAT'S HOT

Amazon Cuts Huawei Watch 2 Price To $194.99

Huawei's latest smartwatch has received a temporary price cut in the United States. There is no word on how long the promotion will last, but those interested

This Medical Camera Can See Right Through Human Body

Now, a team at the University of Edinburgh has developed a medical camera that can see right through your body. This new camera works by detecting light sources inside the body, such as

Google Search About To Receive A New “Speed Test Tool”, Here Is How To Use It

I use the Speed Test tool by Ookla to check the speed of my broadband connection. Generally, I use Google Search to visit the website. But the last time when I Googled the term “speed test,” I didn’t have to go much further than the search result itself.

The First Ubuntu 17.10 Beta Release Is Finally Here-Download 7 Different Flavors Here

Following the tradition, the first Beta release hasn’t witnessed the participation of default Ubuntu release, which will now ship with GNOME desktop environment. This brings us to the