What is the Fruitfly malware that has been affecting Macs?
Recently, a Mac malware known as “Fruitfly” has been discovered. ZDnet describes it as “stealthy but highly-invasive malware for Macs that went undetected for years”. The malware allows hackers to spy on users. It is worrisome because it appears to target random home users rather than organizations or high-profile figures.
This newly surfaced malware is a variation of one that was discovered in January of this year. Patrick Wardle, a former NSA hacker and current chief security officer at Synack, analyzed the malware this week and released his findings. On the surface, Fruitfly is not overwhelmingly complex; however, it is undeniably effective.
The malware uses old code, which suggests these hackers have probably been around for a while. Still, it is effective in modern versions of macOS, including Yosemite. The latest security update for Yosemite was released in May of this year.
Hackers can use Fruitfly to spy on their victims…
The malware was programmed to perform surveillance tasks. It gives the hacker access to everything important (webcam, screen, keyboard, mouse, etc.). Fruitfly connects to a command and control server, from which the attacker can remotely spy on the user and control their computer.
The hackers can see everything that your webcam sees and record every key you type. The most interesting feature, according to Wardle, was that the malware notifies the hacker when the user is active, which is not common.
Because of the antiquated code, it seems that the malware has been around for somewhere between five years and a decade. Unfortunately, it went undetected by macOS as well as by antivirus products. The question is, why was it able to fly under the radar for such a long time?
“It’s not surprising that this malware wasn’t detected for five or more years because current Mac security software is often rather ineffective,” Wardle told ZDnet. “Most don’t even look for this kind of activity.”
In order to find out more about Fruitfly, Wardle created his own command and control server so that he could interact directly with the malware. Wardle noticed that some of the backup domains the malware was configured to communicate with were still available. He registered some of these domains and got his servers running. Immediately, victims of the malware began connecting to his servers, giving him access to their names, IP addresses and computers. Just like that, hundreds of victims were at his mercy.
The perpetrators are unknown, and everyone is a potential target
This malware is shrouded in mystery. First, Fruitfly does not appear to be targeting companies or public figures. Rather, the infected computers belong to average people, with no discernible pattern. A few mid-sized research facilities were also targeted.
According to Wardle, the lesson to learn here is that anyone can fall victim to hacking: “You have to realize that this kind of re-exposes the fact that you can be an ordinary person and still be victim of a really insidious attack.”
Furthermore, the means of infection is unknown, so we don’t even know what to watch out for. There is not even an inkling whether the infected computers were compromised by means of social engineering, a macOS vulnerability, or something else.
Also unknown are the individual or group behind the malware and its intended goal. Wardle says that, more than likely, it is a single hacker “with the goal to spy on people for perverse reasons”. There is no reason to believe that this malware can be used to install ransomware. Given the nature of the targets, home users, we can also rule out the idea of state-sponsored espionage.
Beware of the ‘unhackable’ myth
Apple released security patches for the version of “Fruitfly” found in January; however, variations have since emerged. Apple has refused to comment on these recent discoveries. Wardle argues, “This is just another illustration that Macs are just as vulnerable as any other computer.” Although Windows software has been subject to a lot of hacking in the recent past, you are not safe just because you use a Mac.
Hackers are savvy; they move where the money is. When the majority of users were on Windows, that is where hackers went. Now that users have shifted toward Mac, the tide is shifting for hackers as well. Because Mac malware has been a rare occurrence up to this point, there is a perception that Macs are ‘unhackable’. However, everyone believed the Titanic was unsinkable, and look at how that turned out.