Mysterious Mac Malware Has Infected Hundreds of Victims For Years

An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.

Fruitfly

Because Mac users are fruits

Re:Fruitfly

[GerardAtJob]

"Because an apple is a fruit" is too complex for your brain? ;)

Re:Fruitfly

[alex67500]

Or because fruit flies like an apple?

Re:Fruitfly

[sh00z]

I thought the punch line was "fruit flies like a banana."

Re:Fruitfly

[frank_adrian314159]

Or is that time flies like a banana?

N.B. Do not attempt to decode previous joke unless you are familiar with the history of natural language processing.

Re:Fruitfly

Historical data on time flies suggest a likeness to munitions.

Captcha: Devote. Because bad pun is bad.

Re:Fruitfly

[cstacy]

Or is that time flies like a banana?

N.B. Do not attempt to decode previous joke unless you are familiar with the history of natural language processing.

It is hard to wreck a nice beach!

(And you don't need semantic prediction for that!)

Re: Fruitfly

[mnemotronic]

Time Flys like an arrow. Pesky little Gallifreyan buggers, you know.

Re:Fruitfly

[alex67500]

Or maybe a Time Capsule flies like an Apple?

Re:Fruitfly

[alex67500]

yeah but Macs are made by Apple so...

Re:Fruitfly

[Demena]

There used to be a computer company called FruitFly, so named because they "ate apples for breakfast". They had their own Woz but no Jobs.

How many of you guys had to hear this:

"I got [insert anti-virus here] and it has never found anything on [linux;mac os;*nix]?

And you want to argue why they are wrong and when you do, it goes over their heads.

Re:How many of you guys had to hear this:

And they weren't wrong - the whole fucking point of the article is that this has been out there for years, without detection by anybody. Including your smug superior ass.

Re: How many of you guys had to hear this:

Yeah Mac don't get viruses!

Compromised by ancient functions...

Re: How many of you guys had to hear this:

It could be worse. After all, it's rather sad that the world' most prolific OS gets blinked, by pretty much anything - old, new, scary clever, even downright stupid malware.

Re: How many of you guys had to hear this:

[The123king]

https://arstechnica.co.uk/secu...
http://www.dailymail.co.uk/sci...

People in glass houses shouldn't throw stones

first post

first p0st

Re:first post

You fail it!!!!!

Guess

Macs aren't so virus proof after all

Re:Guess

[DontBeAMoran]

Is it really a self-installing virus, or user-installed malware?

Re:Guess

There were some claims in the past made by many people, that Mac's don't get computer virus's. For the most part that was true for a while. As far significance goes, the FruitFly virus is not. However, it is an attack vector. So, Apple needs to fix this problem.

Re:Guess

[MikeMo]

Apparently, according to TFA, no one knows how the infection occurs.

Re:Guess

[TheFakeTimCook]

Is it really a self-installing virus, or user-installed malware?

With that low of an infection-rate, do you even have to ask?

Re:Guess

[TheFakeTimCook]

There were some claims in the past made by many people, that Mac's don't get computer virus's. For the most part that was true for a while. As far significance goes, the FruitFly virus is not. However, it is an attack vector. So, Apple needs to fix this problem.

They will.

Re:Guess

[Ol+Olsoc]

There were some claims in the past made by many people, that Mac's don't get computer virus's.

That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.

What the Mac is, is more resistant to viruses and malware than say - Windows.

Re:Guess

[Ungrounded+Lightning]

There were some claims in the past made by many people, that Mac's don't get computer virus's.

Which is particularly funny since I was handed decompiled code to a Mac virus (actually a sneakernet worm) back in the original Mac days. (I don't recall if it was before there WERE IBM PCs, let alone clones, or if it was just before PC malware was known.)

For many years, practiclly the beginnng of their deployment, there were worms, viruses, etc. on both. But those for Mac tended to be (relatively) harmless pranks - an animated bug crawling up the screen, animated trains (with sound effects) running across the menu bar and around the room on the apple-talk networked boxen, "bomb" boxes that dodged the mouse when you tried to dismiss them - while those for PCs tended to be damaging to data.

Macs were easy. In order to simplify the user experience the OS looked for (and ran if found) new drivers whenever you inserted a plastic-case floppy. What could POSSIBLY go wrong with that? B-b

Re:Guess

Is it really a self-installing virus, or user-installed malware?

With that low of an infection-rate, do you even have to ask?

400, sounds like a number pulled out of their ass.
There could be that many running Winders 10...

Worst Malware to date!

Re:Guess

[mikael]

IBM PC's had the problem with boot-sector viruses resident on floppy disks. Especially since MS-DOS PC's in university labs didn't have any concept of file ownership.

Re:Guess

[Chas]

No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.

By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".

Re:Guess

There were some claims in the past made by many people, that Mac's don't get computer virus's.

That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.

What the Mac is, is more resistant to viruses and malware than say - Windows.

Maybe,what I said is incomplete?

Re:Guess

[Ol+Olsoc]

No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.

By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".

Umm, I know you'd like to rage, but while you disagree with me, that's exactly what I said. They aren't immune.

But Windows machines are inherently more vulnerable overall.

I do know I've never cleaned up a virus infected Mac, and most of them run bareback. Windows machines? Many. Now turn off your firewall and Windows defender, please, and let me know how it works out for ya.

Re:Guess

[Ol+Olsoc]

There were some claims in the past made by many people, that Mac's don't get computer virus's.

That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.

What the Mac is, is more resistant to viruses and malware than say - Windows.

Maybe,what I said is incomplete?

If so, it was purposeful.

Re:Guess

[TheRaven64]

The estimated installed base of macOS machines is 80 million. 400 infections is a tiny proportion of this: 0.0005%, or one in 2,000. That's pretty weird for a virus: how do you manage to create something that is capable of spreading, but so bad at it that it only hits one in 2,000 machines?

Re: Guess

Well, laugh about it now but no one knew it ever existed for so long until now, which is pretty impressive

Re: Guess

[TheRaven64]

No one knew it was there because, statistically speaking, it wasn't. Random sampling of machines is probably not going to find something that's only on one in 2,000, particularly if they're clustered somehow.

Re:Guess

'its'. The word is spelt 'its'.

Except when you mean the contracted form of 'it is'. Which you didn't.

Re:Guess

[Jarik+C-Bol]

with 400 known installs over more than a decade, I'd lean towards social engineering and phishing rather than self propagating. Of course, that is based on the assumption that most of the existing installs phoned home to his Command&Control server.
Considering the age of this thing, it looks like *apparently* the primary Command&Control server is down, based on the fact that the 400 installs connected to the backup address when it came to life.
This makes me wonder if the thing was far more widespread once, served whatever nefarious purpose it was intended for, and then was abandoned. 10 years being an eternity in computer years, a lot of infected machines would have been wiped, replaced, or trashed since, perhaps only leaving these few surviving installs on older machines, or ones with overly thorough backup/migration processes.

Re:Guess

[Jarik+C-Bol]

It also looks like its over 10 years old, which probably means a lot of installs have been lost to system wipes, drives being replaced, and even system failures. 10 years is forever in computer years.

Re:Guess

[TheFakeTimCook]

It also looks like its over 10 years old, which probably means a lot of installs have been lost to system wipes, drives being replaced, and even system failures. 10 years is forever in computer years.

So?

Even if 10 "installs" were lost to every one still found, that's still a minuscule infection rate over 10 days, let alone 10 YEARS.

Re:Guess

[Chas]

Biggest factor in the Mac malware gambit is still market penetration.

Re:Guess

[Ol+Olsoc]

Biggest factor in the Mac malware gambit is still market penetration.

Which if true, would be a good reason to use one. But no, like it or not, Windows is much more vulnerable,

Re:Guess

[Chas]

No, actually it would eventually become a self-correcting issue.

As market share increases, it's desirability as a target platform goes UP.

Re:Guess

[toddestan]

The interesting thing if it's really that old is that it's highly unlikely that a 10 year old Mac virus would be able to infect newer versions of OSX, simply because backwards compatibility is not important in the Mac world. The article didn't say, but if it's been around 10 years and hasn't been updated, then those 400 computers are some pretty old computers (an eternity in Mac years) that have hung around for some reason, thus the infection must have been much more widespread back in the day.

Re: Guess

[Brockmire]

Yes, fuck face, you should ask. The most advanced, targeted malware doesn't want to be discovered and once it found its target it just chills. Just look at earlier versions of stuxnet.

400 over 10 years?

More Window$ PCs were infected by malware while reading this post.

Re: 400 over 10 years?

Omg micr0$oft is teh worst

Re: 400 over 10 years?

How did you gn0?!?

Re:400 over 10 years?

That's the point, that's why it's mysterious. Because it affected so few people nobody noticed in a decade. Derp.

It says something about the state of AV in general and Macs in particular.

Re:400 over 10 years?

[DontBeAMoran]

Guys! Stop reading his post! You're infecting Windows PCs!

Re: 400 over 10 years?

He gnu

Re: 400 over 10 years?

Because Apple did maintain same backdoors for 10 years.

I want my watermelon!!!

Re:400 over 10 years?

[link-error]

Soon as he registered the backup domain... 400 computers connected to report. Machine should be logging IP connections in general, perhaps daily counts, in particular, failed connections.

Re:400 over 10 years?

[Ol+Olsoc]

More Window$ PCs were infected by malware while reading this post.

this should be +5 informative, because it is true.

Re:400 over 10 years?

Yet it isn't, and it isn't.

Re: 400 over 10 years?

[artownz]

st00p3d micr0$oft and their bugs just infected iOS's flawless code by proximity

Re:400 over 10 years?

[AbRASiON]

Really slashdot? Aren't we over this phase? It's 2017, it's an interesting article. The "but but but Micro$hit!" stuff isn't needed.

Mac, Windows and Linux users are all coming here and always have.

Re:400 over 10 years?

[Ol+Olsoc]

Yet it isn't, and it isn't.

Because you are wrong, and you are extremely wrong.

http://www.pcworld.com/article...

Re:400 over 10 years?

And probably just as many Android smartphones and tablets were. That is what happens when you're the most popular and widely used platform by such a large margin.

Re: 400 over 10 years?

[The123king]

Eh, takes a lot to top this: https://www.theverge.com/2014/...

iLluminati

[cinghiale]

iLluminati

Re:iLluminati

your a doosh

Best bet, but nothing is secure

[605dave]

I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet. As is iOS over Android.

Linux isn't an option for me or most users on the desktop. Too complicated for average users, and for those who rely on creative apps no real options. (please don't tell me about open source alternatives to Photoshop, ProTools etc, they aren't as good. Apple products are not bullet proof, but I still believe for the average user and creative types they are the best option security wise.

Re:Best bet, but nothing is secure

Since when were Pro Tools and Photoshop Apple products?

Re:Best bet, but nothing is secure

uh..... no one except you thought that. he said they were "creative apps". you're an idiot.

slashdot = stagnated

Re:Best bet, but nothing is secure

For a number of reasons, including kernel specifications & a limited set of systems to deploy to, audio software just works better on Macs.

That said I hear Reaper is now pretty stable natively on Linux. Plus Ardour is not bad.

If Max/MSP ever moves to Linux (unlikely), I'm 100% switching over. Pure Data is nice but not the same.

Re:Best bet, but nothing is secure

[Anubis+IV]

Since when were Pro Tools and Photoshop Apple products?

He never suggested they were. He merely said that there were "no real options" for alternatives to those apps on Linux, a claim to which you provided no counterexamples. Then again, suggesting there are "no real options" sounds like a setup for a No True Scotsman fallacy, so I'm not sure that you would have been able to suggest anything to his satisfaction anyway.

Re:Best bet, but nothing is secure

Interesting. Admittedly, I'm a tech expert, yet I've never had to be one with Ubuntu on my Acer (which isn't even technically Ubuntu supported). I've been running it almost exclusively for a couple of years now. I found it as easy to install as Windows. And Blender, one of the best creative apps available IMO, runs beautifully.

Re:Best bet, but nothing is secure

[IWantMoreSpamPlease]

I have just built a spare PC for dedicated Ubuntu use (14.04 LTS) to use for RNN data crunching.
In an effort to see if it would be suitable for general use, I needed to replace but only two Windows-only software packages.

Lightroom, and to a lesser extent PhotoShop.
PhotoShop, for my very lightweight use, is easily duplicated in GIMP.

Lightroom is far trickier. I've tried Corel's Aftershot Pro 3, but the general UI is ripped right from Windows and just importing images is a pain (for example, it doesn't seem my USB-connected camera, despite being supported, and I can't import from a Windows-mapped drive, it won't see that either) and I end up fighting it every step of the way. Also, it won't support the plugins I use, which is understandable I suppose, but it does put a crimp in my workflow...

Re:Best bet, but nothing is secure

[chmod+a+x+mojo]

Check out "darktable", it's a lightroom clone.

I poked at it a bit in one of my VMs, and it seems to work pretty decent... the only real complaints I had were the sliders being harder to grab, the mause grab area on each slider seems to be much smaller and more finicky than lightroom. I haven't tried importing, but if your camera is supported for USB transfer I would think it should be able to be poked enough to work.

Re: Best bet, but nothing is secure

[negRo_slim]

Have you looked I to Darktable to replace LR? Also keep an eye on: https://www.reddit.com/r/FOSSP...

Re:Best bet, but nothing is secure

The only thing fruity around here are the stories.

FTFU

Re:Best bet, but nothing is secure

Have you all retards heard of virtualization?

You are so boring.

Re:Best bet, but nothing is secure

[Billly+Gates]

Mac users (please not saying all but the majority) are in the own little world. I do not like Apple products and these folks really believe MacOSX is superior, never has problems and when they do they are easy to fix, innovate beyond everyone, and that we Linux and Windows users are stupid or cheap because we don't know any better.

Supporting Microsoft Office and Skype are a nightmare on the mac. In Windows if something is corrupt you uninstall and reinstall. Not on a Mac. Outlook 2016 stores its mail profiles in hidden containers that are impossible to view and stick around after an uninstall/reinstall. Just to view hidden files and folders is a bizaare process to just to do a freaking deleting a mail profile. Apple in it's infinite wisdom decides you should never want to do this so you need to put in 4 lines in Bash only to have the view hidden files and folders remain empty after a reboot. Next you need to find the encrypted name of the containers to delete.

Do not get me started on device lockdown policy either. WIth VMWare and Microsoft Intune you simply create the MDM and put them on your Windows Phone or Android device when you sign in for corporate compliance. But no not Apple. You need to buy an $80 key at the Apple Developer Network just to create a series of private keys for each device. They always have problems too with authentication if they get corrupted. Android devices meanwhile never do. ... ok enough rant and I am not talking gluing batteries in products either and creating many many hubs with proprietary ports so they can nickle and dime you either.

Back on topic Apple like anything other platform requires good security practices and not an infallible believe that they are roses because they do not get viruses.

Re:Best bet, but nothing is secure

[605dave]

I never said Windows and Linux users were idiots, I said that the Mac was a better option on security issues for average users.

Re:Best bet, but nothing is secure

Is that you Michael Kristopiet?

Re:Best bet, but nothing is secure

[Darundal]

While you are in finder, enter in command + shift + period. Suddenly you can see all the hidden files and folders. Although it is predictably Apple that there wouldn't be an option or a checkbox for letting you view hidden files and folders.

Re:Best bet, but nothing is secure

[Jeremi]

Supporting Microsoft Office and Skype are a nightmare on the mac.

I'm not sure it's MacOS/X's fault if Microsoft's application software is lousy. (although FWIW Skype runs great on my Mac, and I while I rarely use Microsoft Office on my Mac, the few times I have used it, it didn't cause me any trouble)

Re:Best bet, but nothing is secure

Cropping screen shots does not make a professional PhotoShop user. GIMP is a joke for real work

Re:Best bet, but nothing is secure

The problem is you're relying at least partially on security through greed. Malware writers target Windows machines because they're the vast majority of desktop users and thus propagation is exponential.

If the market share were reversed it would be certain that Mac's would have similar problems to what we're seeing with Windows. I would argue that with all the security suites for Windows now advancing and maturing, one may be safer providing they maintain protection and basic security practices.

Re:Best bet, but nothing is secure

I would say the opposite, security wise Mac is very immature as it has never really needed to be anything but that. we are gradually seeing the incidents on it increase, hopefully though apple will learn to be more secure faster than when MS went through this pain a decade a go but I would not hold my breath on that. Security wise MS are leaps and bounds ahead of apple on the desktop, incident wise apple is leaps and bounds ahead.

Re:Best bet, but nothing is secure

[mjwx]

I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet.

Apple are still running the old "we're immune to malware" line in their advertisement. Of course they use weasel words like saying they meant "windows malware, not malware designed for macs" in the fine print. Almost every Mac user I've met still parrots the "immune to viruses" line even though viruses haven't been a real threat for ages (worms and other malware took over ages ago).

As for it being the safer OS... That hasn't been the case since Vista, take both OS's, Windows 10 and the latest version of OS X patch them, password them then put them on a public network, neither will be inherently insecure. Insecurity in both OS's is now entirely in the user and I've found Mac users have a false sense of security that encourages they take more risks. The biggest saving grace that Mac users have is that malware is a numbers game and there just aren't enough Macs to justify the attention.

Re:Best bet, but nothing is secure

[Demena]

I am not convinced that is the case. Appleised Darwin on native hardware has a few features that most other machines don't. Just unplugging the thing resets the UEFI for just one thing.

Given Apples regular updates and generalised resistance, I feel I am not likely to get caught by a virus before Apples obliterates is infection mechanism with an update.

Either way is a gamble, with a Time Machine back up that is duplicated off line I feel reasonably safe.

There are no guarantees of safety, the Universe does not work that way.

Re:Best bet, but nothing is secure

[Anubis+IV]

You should try this new "reading comprehension" thing sometime. It's pretty awesome. The rest of us enjoy it quite a bit.

I feel like being a mod target today

[Tablizer]

Shouldda got Windows (*slap* *slap* *slap*...)

Wow! Fake News, Or What?

Everybody knows Macs are impervious to malware. No Apple product has ever had any malware on it, ever.

Did I mention "ever"?

I wondered how many people use Macs...

Now we have the answer: 400.

Also, shouldn't there be someone here talking about how Macs are better than PCs because Macs don't have viruses?

Re:I wondered how many people use Macs...

Oh dont worry. The apple faithful always show up spew bullshit and lies

Re: I wondered how many people use Macs...

[Zero__Kelvin]

Well, if it infected 400 Macs then that is pretty damn close to a Zero infection rate now, isn't it. And stop being stupid. Nobody in 2017 makes that claim. The 1990s called and wants its post back.

Stalker Malware?

[mykepredko]

With the very low number of infections and the monitoring of the user through like the webcam, I would think this is a case where looking at the owners of the infected Macs would yield a lot more information about the author and its purpose.

I wouldn't be surprised if this was on the Macs of individuals who have had issues with stalkers in the past.

Re:Stalker Malware?

[swb]

I think the researcher should have at minimum done some kind of geomapping of the IPs responding to his C&C domain to see if there was a geographic pattern to the infections.

This kind of sounds like the work of a skilled amateur who didn't intend for this to spread much, like they were targeting a narrow group or place, maybe even one person and it just happened to spread but was limited by only spreading through USB drives or something.

For all we know, it could have just been a proof of concept somebody wrote and then forgot about.

Re: Stalker Malware?

[Zero__Kelvin]

I was thinking the same. Simple victim analysis should reveal the commonality one needs to answer any questions.

Re:Stalker Malware?

[mikael]

400 people would be enough for a particular web forum. I've noticed that some animation 3D freeware (autoriggers) had viruses/worms/trojans built in. Ironically, the zip and tar files are archived at archive.org

Re:Stalker Malware?

[AHuxley]

National, international? Nation funded? Or something got out into the wild?

Re:Stalker Malware?

[Frederic54]

Interestling enough, the IP address the malware communicate with is from AT&T

Parsing input: 99.153.29.240
Routing details for 99.153.29.240
[refresh/show] Cached whois for 99.153.29.240 : abuse@att.net
Using abuse net on abuse@att.net
abuse net att.net = abuse@att.net
Using best contacts abuse@att.net

Where's the "Mal"?

[methano]

If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.

Re:Where's the "Mal"?

palware hahahahaha that's a funny joke

Re:Where's the "Mal"?

[TheFakeTimCook]

If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.

Wait! I thought that Apple placed an LED in parallel with the Power to the Camera Module; so it COULDN'T be turned-on without also lighting the little LED next to it.

Re:Where's the "Mal"?

[avgjoe62]

No, no, no, Mal DOES come over and sit in your garage (well, technically a hangar) and drink your beer. You see, they actually, they got the name of THIS code wrong. This is not Fruitfly, it's actually Firefly and that's why it's Malware...

Re:Where's the "Mal"?

On the newer Macs, yes. But this has been around for years, apparently. Maybe the light did tip off some users.

Re:Where's the "Mal"?

Never understood why webcams can't have shutters you manually slide out of the way.

Re:Where's the "Mal"?

Because users are idiots. Seriously, all the way to the top. VP at a tech company I work at, slaps down his wireless keyboard in our office, IT DOESNT WORK, ITS BROKEN, IM TAKING A NEW ONE KTHX!. Sure whatever bro, we look at the keyboard later and they put the batteries in backwards.

Re:Where's the "Mal"?

Never understood why webcams can't have shutters you manually slide out of the way.

Because that would cost about four cents per unit, eroding profits.

Re:Where's the "Mal"?

Because that would cost about four cents per unit, eroding profits.

That's not even the worst part, the computer might be 0.2 mm thicker too!

Shifty Eyes

I feel like someone who used to work for Apple decidedly to exploit some bug he ran into while coding. How would it get pushed out? 400 users, and the servers weren't active today. A particular website that installs it? A particular update on some standard Mac program? Was he just looking to spy on a few people, got bored or scared and turned it all off?

It makes for a good mystery story. I hate not knowing the answer.

Re: Shifty Eyes

It doesn't seem to exploit any bugs.

Reasons nobody found it

[guruevi]

It was written in Perl. Perhaps some Perl regex has become self-aware.

Re:Reasons nobody found it

It must have tokenized a Dune novel to realize that the slow malware penetrates the mac.

Re:Reasons nobody found it

[cstacy]

It was written in Perl. Perhaps some Perl regex has become self-aware.

The adolescence of Perl 6.

Mac "advocacy" vs. Mac realism

[zarmanto]

I'm a long-time Mac-user and Apple fan in general -- and while I feel far more confident when using MacOS than when using Windows, I also feel that it is folly to try to convince anyone that Macs are somehow immune to computer viruses. The way I see it, you have to be realistic and recognize that your own personal vulnerability to hacking efforts is dependent upon a great number of factors. In fact, just like any other crime, the most obvious factors to consider are means, motive and opportunity.

Means could perhaps refer to vulnerabilities. Everyone knows that Microsoft's code sucks -- but let's be frank: Apple releases security patches, too. Therefore, there have been security vulnerabilities in their code. Therefore, human nature being what it is, it is extremely likely that there are still security vulnerabilities in their code. It may sound an awful lot like a logical fallacy, but anyone who really knows computers will tell you that this is almost certainly true, nonetheless.

Motive is most often addressed by Mac advocates (and PC advocates alike, for that matter) who trumpet Apple's small market share as a reason for ignoring the platform. The thing is, Apple's market share figures do not by any stretch of the imagination convey the shear raw number of Mac users; believe it or not, there are somewhere around 100 million Mac users, according to recent figures from Apple. That's not such a small target, if you think about it. But perhaps more intriguing than that, is the finicky nature of this so-called "security through obscurity" argument... because it's not exactly universally true; that is to say, it's only valid until someone interesting to a hacker starts using the platform in question. At that point, the return-on-investment isn't so much a question of how many people they can scoop up in their net... so long as they successfully scoop up the intended target.

And finally, opportunity: We could interpret this as the "human" element, or simply the question of how many Mac users happened to commit the specific type of opsec failure, which causes them to fall into whatever trap had been laid. The small infection rate could suggest that the window of opportunity was small, for some reason; perhaps the nefarious entity who laid the trap was just messing around for a little while, or perhaps (as implied above) they caught up their intended target in the trap, and promptly pulled down their trap to minimize further chances of discovery, and prolong access to the intended target. (Looking at the facts of the case, it might be reasonable to state that they quite succeeded in this goal!)

So regardless of your preferred platform -- this means you too, *nix users -- never, ever assume that your favorite platform is absolutely perfectly secure. Unless it's disconnected from the network entirely. And disconnected from power. And sealed in a locked safe. At the bottom of the ocean. With explosive booby traps. Surrounded by trained sharks with fricken lasers mounted on their heads.

And... well... probably not even then.

Re:Mac "advocacy" vs. Mac realism

[Billly+Gates]

If you support Microsoft Office and do device lockdowns and remote management your opinion of IOS and MacOSX will go drastically down. :-)

Safari too always has problems when trying to do SharePoint Online. It seems Apple becomes good when Steve Jobs is around and leaves again after he is not present.

Re: Mac "advocacy" vs. Mac realism

It's interesting that your problems with Macs seem to be connected to Microsoft products.

Old news, oh right, this is Slashdot

This was discovered in January and is likely a variant of Backdoor.OSX.Mokes which was discovered years prior. Nothing new, just anti-virus vendors trying to make a buck off of FUD that headline desperate fake news outlets are desparate to publish to get eyeballs on their advertising.

Around 400 victims infected with FruitFly.

Which is pretty much every single Apple Mac user out there.

Abandonware or an escaped experiment?

[Ungrounded+Lightning]

With a long history, a very small number of infected machines, and no active exploitation, I'd guess it's something someone was playing with that he's abandoned long ago or which "escaped from the lab" but didn't get far.

One of the hazards of self-propagatng code is that it does so on its own. So if, while under development, it finds a net connection to a set of vulnerable machines, it's out and spreading. Like before the command-and-control is debugged and/or the payload is ready to do its dirty work. (Thus it may be much nastier than the author(s) inteded.)

If it's GOOD at spreading it quickly saturates the vulnerable population and comes to the attention of users and security experts. If it's BAD at spreading its escape might not be noticed by the author at all - or by anyone else for years, if at all.

400 machines and a decade before it's noticed seems about right.

Re: Abandonware or an escaped experiment?

[KGIII]

Maybe they are in prison, caught for an earlier crime.

That's my wild theory, and I'm sticking to it.

Re: Abandonware or an escaped experiment?

[Narcocide]

Or, maybe the initial infection got them the information they were looking for right away. Mission accomplished, fledgeling bot-net abandoned.

Re: Abandonware or an escaped experiment?

[KGIII]

No. It's prison. They're in prison for a botched bank robbery. They were caught taking a few cents from thousands of accounts, over a period of 2.6 years. They were sentenced to 18 years in a federal penitentiary, so they'll be out soon.

Someone should write a fanfic.

Re:Abandonware or an escaped experiment?

[RuffMasterD]

Possible. Or the author could be aiming for specific targets. Who uses those Macs? Where I work, only high income employees are issued Macs. Directors, management accountants, senior staff, etc. Everyone else is issued PCs. Listening in on meetings, taking screenshots, and recording keystrokes of a few people would be sufficient to gain a competitive advantage.

OMG! 400 users infected!

So the people who got infected are those who:
- intentionally downloaded malware in spite of a warning from a security product
- gave an exception to said malware. At least twice
- then opted-in to the malware

This would seem to be some sort of popularity scheme article

Hardly a crisis

[timholman]

If an infection with "a few hundred" cases is the best example of Mac malware that Malwarebytes can provide, it is hardly a ringing endorsement for putting their product on my machine.

With so few examples in the wild, my guess is that FruitFly piggybacked onto one of those fake Flash installers that you run into on some of the sketchier websites, or else was installed by a "Mac support specialist" at some Indian call center (yes, there are also websites that target Mac users with the same bogus "Your computer has a virus! Call this number for help!" messages).

Given that some Mac anti-virus vendors have flagged open source software such as wacaw and Platypus as "malware", I'm skeptical in the extreme about hysterical claims concerning evil malware infections running rampant in the MacOS ecosystem. Run a good ad-blocker instead, and you'll eliminate the attack vector for 99.99% of this crap.

Linux too complicated for average users?

Ha ha ha ha ha ha ha ! :-)

Thanks for the laugh, chum. You obviously haven't used any version of Linux for YEARS.

faffaholics anonymous

[epine]

Then again, suggesting there are "no real options" sounds like a setup for a No True Scotsman fallacy, so I'm not sure that you would have been able to suggest anything to his satisfaction anyway.

His satisfaction is quite irrelevant. Unless you believe that Any True Scotsman would faff around indefinitely to shave one more nickle off the purchase price.

What matters here is his prospective utility: his net upside after the huge investment to research the alternatives, reinvent his established workflow, learn about all the new nits and gremlins, flawlessly administrate his custom stack of validated alternatives, resolving interoperability difficulties with his contacts and clients, etc. etc.

About 10% of all open source zealots really ought to check themselves into Faffaholics Anonymous.

It uses ancient functions

This code is in C, who the hell uses C anymore must be so ancient.

Re: It uses ancient functions

And dangerous! Safe malware is written in Rust, because Rust is inherently safe by design and it makes code written by even the most dimwitted people bug-free and bullet-proof by definition.

getting random web cam pics

They are trying to get photos of girls undressing and seeing their private parts as well.

Endangered species

Why did the summary read like a description of discovery of some endangered species?

Only 400 in the wild! So, shall we start some breeding program to preserve it?

400 whole victims

The whole world must be ending.

Simple but effective

Isnt that kind of the point for malware? Harder to detect?