What is Fruitfly?

We take a closer look at the recently-uncovered Fruitfly malware and what it means for Mac users.

This year brought the revelation that a particularly insidious form of Mac malware has been operating on machines undetected for some time.

Dubbed Fruitfly, the malware gives hackers the ability to remotely control Mac computers, and now, new details about the malware and its new variants have come to light.

So, what do you need to know about Fruitfly? How can you protect yourself? Here’s all you need to know.

The malware was first discovered back in January 2017, with a blog post from anti-malware provider Malwarebytes highlighting its existence.

As the blog post explains: “This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers.”

At the time, it was suspected that the malware had been around since OS X Yosemite, which launched back in October 2014.

The post explained how Fruitfly infects Mac computers and is able to capture screenshots, control webcams, and even connect to other devices on the same network as the Mac. The malware also allows for access to the computer’s files, giving hackers full control over the machines.

This first version of the malware was said to be relatively unsophisticated, using just a hidden file and a launch agent to keep Macs infected.

Since January, when Apple patched the issue, new variants of Fruitfly have emerged and appear to have infected a wider number of computers. The malware has remained undetected by antivirus software and macOS throughout, making it a particularly insidious infection.

In July this year, former NSA hacker and chief security researcher at Synack, Patrick Wardle, spoke to ZDNet about his in-depth analysis of the latest variant of Fruitfly malware.

Wardle told ZDNet: “The most interesting feature is that the malware can send an alert when the user is active. I haven’t seen that before.” That means hackers are able to stop what they’re doing immediately when a user becomes active, increasing their chances of remaining undetected.

Despite its relative simplicity, the malware is full featured, even allowing hackers to send screenshots of the Mac display to themselves at varying levels of quality, so as to make their actions less detectable, or speed up the process on slow connections.

Most antivirus programs were previously unable to identify Fruitfly

During his analysis of Fruitfly, Wardle also found the malware provided hackers with the IP address, name of the user, and the computer name.

The researcher found on one occasion, when almost 400 infected Macs connected to a registered server, that he was not only able to view the IP addresses and user names on those devices, but that he could have used the malware to easily spy on the users.

Unfortunately, there’s no way to know just how the malware infects computers. Wardle did speculate that Fruitfly could infect a machine via a malicious email attachment, however, or simply through a malicious link.

What is Fruitfly – Who’s behind the malware?

At this point, it remains unclear who created Fruitfly. Wardle did say he believes a single hacker, rather than a nation state attacker, was behind the malware, saying he thought the aim was to “spy on people for perverse reasons.”

It also remains unclear what the purpose of Fruitfly is at this point. It doesn’t install ransomware like many other forms of malware, so it doesn’t seem as though the creator’s intent was to steal financial information or make a profit.

However, it appears the primary command-and-control server for the malware has been shuttered, which suggests whoever is behind Fruitfly has abandoned it – again, there’s no way to know for sure. Still, the infected Macs remain infected and will still report to the server when it is activated, meaning anyone who registers one of the hardcoded domains in the malware will be able to access the infected machines.

Wardle is unable to say how many are affected by the malware, but did reveal that most of the 400 computers that connected to the server during his research were based in the US – though there didn’t appear to be any connection between the devices.