Have you heard of Fruitfly, a near-undetectable Mac backdoor malware?
Even six months after it was discovered, the first Mac malware of the year is still causing a giant headache.
According to ZDNet, the recently discovered Fruitfly malware is a stealthy but highly invasive infection for Macs that went undetected for years. The controller of the malware has the capability to remotely take complete control of an infected computer: files, webcam, screen, and keyboard and mouse.
But despite its recent discovery, little is still known about the malware.
Apple released security patches for Fruitfly earlier this year, but variants of the infection have since emerged. The core of the issue is an obfuscated Perl script using antiquated code, with indicators in the code that suggest the malware may go back almost half a decade or more, the security firm said. Nevertheless, it still works well on modern versions of macOS, including Yosemite. Fruitfly connects to and communicates with a command and control server, from which an attacker can remotely spy on and control an infected Mac.
But what it does, and why, aren’t widely known.
“It’s not the most sophisticated Mac malware,” said Wardle in a Signal call last week, but he described it as “feature complete.” Like others, he wasn’t sure what the malware did exactly at first glance.
He found that he could take complete control of an infected Mac, including its keyboard and mouse, take screenshots of the display, remotely switch on the webcam, and modify files. The infection can also run commands in the background, and even kill the malware’s process altogether — likely in an effort to avoid detection.