New Surveillance Malware “FruitFly” Is a Nearly Undetectable Mac Backdoor

Charles McFarland contributed to this blog
Mac malware outbreaks used to be viewed as a rarity. However, the last few years have seen Mac-focused threats steadily on the rise. In fact, our McAfee Labs Quarterly Threats Report showed instances of Mac malware growing by a huge 744% in 2016. Fast forward to the summer of 2017, and a new and powerful strain of Mac malware has hit the scene. Named FruitFly, the threat has only recently been detected by researchers, despite being around for years. The malware is highly invasive and capable of taking complete control of an infected Mac.
FruitFly malware works as a traditional RAT (remote access trojan). Once it infects a Mac, the RAT opens a backdoor and lets the attacker control the infected device from a Command and Control server (C&C or C2) by sending it system commands. These commands include taking screenshots of the display, remotely switching on the webcam, and modifying files. What's more, later versions of FruitFly appear able to control mouse movements and interact with the infected machine directly.
Though powerful, FruitFly is primarily old-fashioned. It is partially written in the Perl programming language, which is not commonly used anymore. Additionally, the open source libjpeg code, which lets programmers handle the JPEG image format, appears in FruitFly samples and dates back to at least 1998. This all suggests the programmers have been around for some time.
Who has been impacted by FruitFly so far? Fortunately, only a small number of users are known to have been targeted by the old and new variants combined. Biomedical personnel were the main target of the first variant, and home users were the target of the later variant. However, smaller, tailored FruitFly campaigns may persist for a while, which means all Mac users need to be vigilant. Additionally, much of the code written for FruitFly is cross platform, meaning it can also run on Linux. While the current version does not run fully on Linux, only a few changes would be needed to make it viable, which suggests a Linux variant may exist or is planned.
The good news is there are a few things users can do to stay protected from FruitFly. First off, users can protect against older variants simply by updating their Mac with the latest patches. Newer variants still require detection and prevention, which means users need to run up-to-date security products.
For McAfee customers, our solutions detect both the dropper and the sample itself for both the old and new variants. The latter is detected using our cloud technology, Artemis.
To learn more about this attack and Mac malware, follow us at @McAfee and @McAfee_Business.
The post New Surveillance Malware “FruitFly” Is a Nearly Undetectable Mac Backdoor appeared first on McAfee Blogs.