Slashdot Mirror
Mysterious Mac Malware Has Infected Hundreds of Victims For Years (vice.com)
An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.
Because Mac users are fruits
"I got [insert anti-virus here] and it has never found anything on [linux;mac os;*nix]?
And you want to argue why they are wrong and when you do, it goes over their heads.
More Window$ PCs were infected by malware while reading this post.
iLluminati
Is it really a self-installing virus, or user-installed malware?
#DeleteFacebook
I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet. As is iOS over Android.
Linux isn't an option for me or most users on the desktop. Too complicated for average users, and for those who rely on creative apps no real options. (please don't tell me about open source alternatives to Photoshop, ProTools etc, they aren't as good. Apple products are not bullet proof, but I still believe for the average user and creative types they are the best option security wise.
Be kind, for everyone you meet is fighting a difficult battle. - Plato
There were some claims in the past made by many people, that Mac's don't get computer virus's. For the most part that was true for a while. As far significance goes, the FruitFly virus is not. However, it is an attack vector. So, Apple needs to fix this problem.
Shouldda got Windows (*slap* *slap* *slap*...)
Table-ized A.I.
With the very low number of infections and the monitoring of the user through like the webcam, I would think this is a case where looking at the owners of the infected Macs would yield a lot more information about the author and its purpose.
I wouldn't be surprised if this was on the Macs of individuals who have had issues with stalkers in the past.
Mimetics Inc. Twitter
If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.
Apparently, according to TFA, no one knows how the infection occurs.
Is it really a self-installing virus, or user-installed malware?
With that low of an infection-rate, do you even have to ask?
There were some claims in the past made by many people, that Mac's don't get computer virus's. For the most part that was true for a while. As far significance goes, the FruitFly virus is not. However, it is an attack vector. So, Apple needs to fix this problem.
They will.
I feel like someone who used to work for Apple decidedly to exploit some bug he ran into while coding. How would it get pushed out? 400 users, and the servers weren't active today. A particular website that installs it? A particular update on some standard Mac program? Was he just looking to spy on a few people, got bored or scared and turned it all off?
It makes for a good mystery story. I hate not knowing the answer.
Oh dont worry. The apple faithful always show up spew bullshit and lies
It was written in Perl. Perhaps some Perl regex has become self-aware.
Custom electronics and digital signage for your business: www.evcircuits.com
There were some claims in the past made by many people, that Mac's don't get computer virus's.
That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.
What the Mac is, is more resistant to viruses and malware than say - Windows.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I'm a long-time Mac-user and Apple fan in general -- and while I feel far more confident when using MacOS than when using Windows, I also feel that it is folly to try to convince anyone that Macs are somehow immune to computer viruses. The way I see it, you have to be realistic and recognize that your own personal vulnerability to hacking efforts is dependent upon a great number of factors. In fact, just like any other crime, the most obvious factors to consider are means, motive and opportunity.
Means could perhaps refer to vulnerabilities. Everyone knows that Microsoft's code sucks -- but let's be frank: Apple releases security patches, too. Therefore, there have been security vulnerabilities in their code. Therefore, human nature being what it is, it is extremely likely that there are still security vulnerabilities in their code. It may sound an awful lot like a logical fallacy, but anyone who really knows computers will tell you that this is almost certainly true, nonetheless.
Motive is most often addressed by Mac advocates (and PC advocates alike, for that matter) who trumpet Apple's small market share as a reason for ignoring the platform. The thing is, Apple's market share figures do not by any stretch of the imagination convey the shear raw number of Mac users; believe it or not, there are somewhere around 100 million Mac users, according to recent figures from Apple. That's not such a small target, if you think about it. But perhaps more intriguing than that, is the finicky nature of this so-called "security through obscurity" argument... because it's not exactly universally true; that is to say, it's only valid until someone interesting to a hacker starts using the platform in question. At that point, the return-on-investment isn't so much a question of how many people they can scoop up in their net... so long as they successfully scoop up the intended target.
And finally, opportunity: We could interpret this as the "human" element, or simply the question of how many Mac users happened to commit the specific type of opsec failure, which causes them to fall into whatever trap had been laid. The small infection rate could suggest that the window of opportunity was small, for some reason; perhaps the nefarious entity who laid the trap was just messing around for a little while, or perhaps (as implied above) they caught up their intended target in the trap, and promptly pulled down their trap to minimize further chances of discovery, and prolong access to the intended target. (Looking at the facts of the case, it might be reasonable to state that they quite succeeded in this goal!)
So regardless of your preferred platform -- this means you too, *nix users -- never, ever assume that your favorite platform is absolutely perfectly secure. Unless it's disconnected from the network entirely. And disconnected from power. And sealed in a locked safe. At the bottom of the ocean. With explosive booby traps. Surrounded by trained sharks with fricken lasers mounted on their heads.
And... well... probably not even then.
This was discovered in January and is likely a variant of Backdoor.OSX.Mokes which was discovered years prior. Nothing new, just anti-virus vendors trying to make a buck off of FUD that headline desperate fake news outlets are desparate to publish to get eyeballs on their advertising.
Which is pretty much every single Apple Mac user out there.
There were some claims in the past made by many people, that Mac's don't get computer virus's.
Which is particularly funny since I was handed decompiled code to a Mac virus (actually a sneakernet worm) back in the original Mac days. (I don't recall if it was before there WERE IBM PCs, let alone clones, or if it was just before PC malware was known.)
For many years, practiclly the beginnng of their deployment, there were worms, viruses, etc. on both. But those for Mac tended to be (relatively) harmless pranks - an animated bug crawling up the screen, animated trains (with sound effects) running across the menu bar and around the room on the apple-talk networked boxen, "bomb" boxes that dodged the mouse when you tried to dismiss them - while those for PCs tended to be damaging to data.
Macs were easy. In order to simplify the user experience the OS looked for (and ran if found) new drivers whenever you inserted a plastic-case floppy. What could POSSIBLY go wrong with that? B-b
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
With a long history, a very small number of infected machines, and no active exploitation, I'd guess it's something someone was playing with that he's abandoned long ago or which "escaped from the lab" but didn't get far.
One of the hazards of self-propagatng code is that it does so on its own. So if, while under development, it finds a net connection to a set of vulnerable machines, it's out and spreading. Like before the command-and-control is debugged and/or the payload is ready to do its dirty work. (Thus it may be much nastier than the author(s) inteded.)
If it's GOOD at spreading it quickly saturates the vulnerable population and comes to the attention of users and security experts. If it's BAD at spreading its escape might not be noticed by the author at all - or by anyone else for years, if at all.
400 machines and a decade before it's noticed seems about right.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So the people who got infected are those who:
- intentionally downloaded malware in spite of a warning from a security product
- gave an exception to said malware. At least twice
- then opted-in to the malware
This would seem to be some sort of popularity scheme article
Is it really a self-installing virus, or user-installed malware?
With that low of an infection-rate, do you even have to ask?
400, sounds like a number pulled out of their ass.
There could be that many running Winders 10...
Worst Malware to date!
If an infection with "a few hundred" cases is the best example of Mac malware that Malwarebytes can provide, it is hardly a ringing endorsement for putting their product on my machine.
With so few examples in the wild, my guess is that FruitFly piggybacked onto one of those fake Flash installers that you run into on some of the sketchier websites, or else was installed by a "Mac support specialist" at some Indian call center (yes, there are also websites that target Mac users with the same bogus "Your computer has a virus! Call this number for help!" messages).
Given that some Mac anti-virus vendors have flagged open source software such as wacaw and Platypus as "malware", I'm skeptical in the extreme about hysterical claims concerning evil malware infections running rampant in the MacOS ecosystem. Run a good ad-blocker instead, and you'll eliminate the attack vector for 99.99% of this crap.
Well, if it infected 400 Macs then that is pretty damn close to a Zero infection rate now, isn't it. And stop being stupid. Nobody in 2017 makes that claim. The 1990s called and wants its post back.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
IBM PC's had the problem with boot-sector viruses resident on floppy disks. Especially since MS-DOS PC's in university labs didn't have any concept of file ownership.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Ha ha ha ha ha ha ha ! :-)
Thanks for the laugh, chum. You obviously haven't used any version of Linux for YEARS.
His satisfaction is quite irrelevant. Unless you believe that Any True Scotsman would faff around indefinitely to shave one more nickle off the purchase price.
What matters here is his prospective utility: his net upside after the huge investment to research the alternatives, reinvent his established workflow, learn about all the new nits and gremlins, flawlessly administrate his custom stack of validated alternatives, resolving interoperability difficulties with his contacts and clients, etc. etc.
About 10% of all open source zealots really ought to check themselves into Faffaholics Anonymous.
No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.
By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".
Chas - The one, the only.
THANK GOD!!!
This code is in C, who the hell uses C anymore must be so ancient.
They are trying to get photos of girls undressing and seeing their private parts as well.
There were some claims in the past made by many people, that Mac's don't get computer virus's.
That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.
What the Mac is, is more resistant to viruses and malware than say - Windows.
Maybe,what I said is incomplete?
No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.
By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".
Umm, I know you'd like to rage, but while you disagree with me, that's exactly what I said. They aren't immune.
But Windows machines are inherently more vulnerable overall.
I do know I've never cleaned up a virus infected Mac, and most of them run bareback. Windows machines? Many. Now turn off your firewall and Windows defender, please, and let me know how it works out for ya.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
There were some claims in the past made by many people, that Mac's don't get computer virus's.
That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.
What the Mac is, is more resistant to viruses and malware than say - Windows.
Maybe,what I said is incomplete?
If so, it was purposeful.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Why did the summary read like a description of discovery of some endangered species?
Only 400 in the wild! So, shall we start some breeding program to preserve it?
The whole world must be ending.
The estimated installed base of macOS machines is 80 million. 400 infections is a tiny proportion of this: 0.0005%, or one in 2,000. That's pretty weird for a virus: how do you manage to create something that is capable of spreading, but so bad at it that it only hits one in 2,000 machines?
I am TheRaven on Soylent News
Well, laugh about it now but no one knew it ever existed for so long until now, which is pretty impressive
No one knew it was there because, statistically speaking, it wasn't. Random sampling of machines is probably not going to find something that's only on one in 2,000, particularly if they're clustered somehow.
I am TheRaven on Soylent News
'its'. The word is spelt 'its'.
Except when you mean the contracted form of 'it is'. Which you didn't.
with 400 known installs over more than a decade, I'd lean towards social engineering and phishing rather than self propagating. Of course, that is based on the assumption that most of the existing installs phoned home to his Command&Control server.
Considering the age of this thing, it looks like *apparently* the primary Command&Control server is down, based on the fact that the 400 installs connected to the backup address when it came to life.
This makes me wonder if the thing was far more widespread once, served whatever nefarious purpose it was intended for, and then was abandoned. 10 years being an eternity in computer years, a lot of infected machines would have been wiped, replaced, or trashed since, perhaps only leaving these few surviving installs on older machines, or ones with overly thorough backup/migration processes.
I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
It also looks like its over 10 years old, which probably means a lot of installs have been lost to system wipes, drives being replaced, and even system failures. 10 years is forever in computer years.
I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
It also looks like its over 10 years old, which probably means a lot of installs have been lost to system wipes, drives being replaced, and even system failures. 10 years is forever in computer years.
So?
Even if 10 "installs" were lost to every one still found, that's still a minuscule infection rate over 10 days, let alone 10 YEARS.
Isnt that kind of the point for malware? Harder to detect?
Biggest factor in the Mac malware gambit is still market penetration.
Chas - The one, the only.
THANK GOD!!!
Biggest factor in the Mac malware gambit is still market penetration.
Which if true, would be a good reason to use one. But no, like it or not, Windows is much more vulnerable,
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
No, actually it would eventually become a self-correcting issue.
As market share increases, it's desirability as a target platform goes UP.
Chas - The one, the only.
THANK GOD!!!
The interesting thing if it's really that old is that it's highly unlikely that a 10 year old Mac virus would be able to infect newer versions of OSX, simply because backwards compatibility is not important in the Mac world. The article didn't say, but if it's been around 10 years and hasn't been updated, then those 400 computers are some pretty old computers (an eternity in Mac years) that have hung around for some reason, thus the infection must have been much more widespread back in the day.
Yes, fuck face, you should ask. The most advanced, targeted malware doesn't want to be discovered and once it found its target it just chills. Just look at earlier versions of stuxnet.