Mysterious Mac Malware Has Infected Hundreds of Victims For Years

An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.

400 over 10 years?

More Window$ PCs were infected by malware while reading this post.

Re:Fruitfly

[alex67500]

Or because fruit flies like an apple?

Best bet, but nothing is secure

[605dave]

I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet. As is iOS over Android.

Linux isn't an option for me or most users on the desktop. Too complicated for average users, and for those who rely on creative apps no real options. (please don't tell me about open source alternatives to Photoshop, ProTools etc, they aren't as good. Apple products are not bullet proof, but I still believe for the average user and creative types they are the best option security wise.

Re:Best bet, but nothing is secure

[Anubis+IV]

Since when were Pro Tools and Photoshop Apple products?

He never suggested they were. He merely said that there were "no real options" for alternatives to those apps on Linux, a claim to which you provided no counterexamples. Then again, suggesting there are "no real options" sounds like a setup for a No True Scotsman fallacy, so I'm not sure that you would have been able to suggest anything to his satisfaction anyway.

Stalker Malware?

[mykepredko]

With the very low number of infections and the monitoring of the user through like the webcam, I would think this is a case where looking at the owners of the infected Macs would yield a lot more information about the author and its purpose.

I wouldn't be surprised if this was on the Macs of individuals who have had issues with stalkers in the past.

Re:Guess

[Ol+Olsoc]

There were some claims in the past made by many people, that Mac's don't get computer virus's.

That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.

What the Mac is, is more resistant to viruses and malware than say - Windows.

Abandonware or an escaped experiment?

[Ungrounded+Lightning]

With a long history, a very small number of infected machines, and no active exploitation, I'd guess it's something someone was playing with that he's abandoned long ago or which "escaped from the lab" but didn't get far.

One of the hazards of self-propagatng code is that it does so on its own. So if, while under development, it finds a net connection to a set of vulnerable machines, it's out and spreading. Like before the command-and-control is debugged and/or the payload is ready to do its dirty work. (Thus it may be much nastier than the author(s) inteded.)

If it's GOOD at spreading it quickly saturates the vulnerable population and comes to the attention of users and security experts. If it's BAD at spreading its escape might not be noticed by the author at all - or by anyone else for years, if at all.

400 machines and a decade before it's noticed seems about right.