Earlier this year, researchers from security firm Malwarebytes discovered a piece of Mac malware called Fruitfly that reportedly spied on computers in medical research centers for years before being detected. Apple has since updated macOS to automatically detect the malware, safeguarding users.

macbook air
However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a researcher with security firm Synack. Wardle said the malware has been targeting Macs for at least five years, with the number of infected Macs totaling nearly 400 and possibly much higher, reports Ars Technica.

The malware can supposedly capture screenshots, keystrokes, webcam images, and other info about each infected Mac. The Fruitfly variant also collects information about devices connected to the same network, according to the report.

Wardle said the method of infection remains unknown, but he suspects it involves tricking users into clicking on malicious links, as opposed to exploiting vulnerabilities in apps or in macOS. He added that the primary command-and-control server used by the malware's creators has since been shut down.

Many of the affected Macs have never been disinfected, however, allowing Wardle to create his own custom command-and-control server for the malware and witness the close to 400 infected machines connect to it.

After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.

Wardle will provide a briefing about his custom command-and-control server tactics on Wednesday at the Black Hat security conference in Las Vegas.

Since the method of infection is unknown, there aren't many specific steps users can take to ensure they're protected. But, given all domains known to be associated with the malware are no longer available, and the limited number of Macs infected beforehand, most users shouldn't be too worried about this malware.

One option Mac users have is to install OverSight, a free software tool that monitors a Mac's microphone and webcam, alerting the user when the internal microphone is activated, or whenever a process accesses the webcam.

Wardle has reported all of his findings to law enforcement officials, and the threat is likely neutralized, according to the report.

Tag: Malware

Top Rated Comments

Altis Avatar
96 months ago
Keep operating systems up to date. Exploitation of un-patched vulnerabilties by non-governments is exceedingly rare.

If you don't do security updates as they become available you almost deserve what you get.
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
Score: 7 Votes (Like | Disagree)
throAU Avatar
96 months ago
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
I get it, but it comes down to this:

Adapt or switch platforms if the user experience changes bother you that much.

No developer is going to support a massive number of platforms with security updates concurrently. They just can't afford to patch old platforms forever. Because every platform means a seperate codebase to maintain and backport/re-develop updates for, beta test, etc.

Apple right now supports 3 (? more?) OS revisions typically (i.e., they do split feature updates and security updates to that degree already), if you haven't dealt with the "user experience" changes after 2-3 new OS revisions, you should be jumping ship to another platform. Just not patching and becoming insecure isn't really a sensible choice.

I'm guessing the big cries from some still go back to the changes made in Lion. It is well beyond time to get over it.

But you'll get the same thing wherever you jump. MS won't support old operating systems forever, and neither will any Linux distribution. No one will.

Adapt, or deal with being insecure.
Score: 3 Votes (Like | Disagree)
throAU Avatar
96 months ago
Keep operating systems up to date. Exploitation of un-patched vulnerabilties by non-governments is exceedingly rare.

If you don't do security updates as they become available you almost deserve what you get.
Score: 3 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
96 months ago
People aren't aware of this? Been around for years.
Score: 2 Votes (Like | Disagree)
convergent Avatar
96 months ago
I wonder how many windows pcs are infected right now?
I would place my guess at zero Windows PCs infected with malware targeting Mac webcams, but I could be wrong. :rolleyes:
Score: 1 Votes (Like | Disagree)
charlituna Avatar
96 months ago
That's why security updates should be separate from feature updates.

A lot of people deliberately don't update because of adverse changes to the user experience, leaving security vulnerabilities.
with Mac OS they often are
Score: 1 Votes (Like | Disagree)

Popular Stories

iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Magic Mouse Next to Keyboard

No, Apple CEO Tim Cook Didn't Say He Prefers Logitech's MX Master 3 Over the Magic Mouse

Sunday November 17, 2024 3:03 pm PST by
While the Logitech MX Master 3 is a terrific mouse for the Mac, reports claiming that Apple CEO Tim Cook prefers that mouse over the Magic Mouse are false. The Wall Street Journal last month published an interview with Cook, in which he said he uses every Apple product every day. Soon after, The Verge's Wes Davis attempted to replicate using every Apple product in a single day. During that...
Generic iOS 18 Feature Real Mock

Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes

Tuesday November 19, 2024 10:10 am PST by
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Rumored to Surpass iPhone 6 as Thinnest iPhone Ever

Monday November 18, 2024 1:07 pm PST by
In a research note with Hong Kong-based investment bank Haitong today, obtained by MacRumors, Apple analyst Jeff Pu said he agrees with a recent rumor claiming that the so-called "iPhone 17 Air" will be around 6mm thick. "We agreed with the recent chatter of an 6mm thickness ultra-slim design of the iPhone 17 Slim model," he wrote. If that measurement proves to be accurate, there would be ...
bug security vulnerability issue fix larry

Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities

Tuesday November 19, 2024 10:52 am PST by
The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices. With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted...