Creepy malware that has gone undetected for years has been spying on Mac users


Security experts have discovered a piece of malware that has been spying on Mac users for years.

The malware, dubbed FruitFly, operates quietly in the background spying on users as it avoids detection from Apple and third party antivirus programs.

FruitFly spies on users by recording keystrokes, capturing images of what is displayed on screen, and worst of all through the computer’s camera.

The malware was first discovered by cyber security firm Malwarebytes but now a second variant, dubbed FruitFly 2, has also been infecting Apple computers.

Patrick Wardle, a former NSA analyst and now with security firm Synack says he has found around 400 computers infected with the new variant and believes that many more computers could be infected with the malware.

It is not known exactly how long FruitFly has been infecting computers but researchers have found evidence the code was used to target Macs running Yosemite, which was released in October 2014. Earlier cases are believed to date back even longer than that.

Thomas Reed from MalwareBytes who was the first to discover the malware said it was “unlike anything I’ve seen before.”

Wardle says that what makes FruitFly so dangerous is that it is so hard to detect as it has multiple strains with different code but with each strain deploying the same spying techniques.

Wardle also hit out at Mac users who are “over confident” when it comes security threats and while viruses are less widespread than on Windows, they still exist in Apple’s eco-system.

Wardle said that FruitFly “shows that there are sick people who attack Mac users everyday for dangerous purposes.”

“Many Mac users trust their Mac security system.The malware findings are a warning to everyday users that there are people out there who are trying to hack their computers,” he said.

Last year a report by McAfee showed a dramatic surge in the amount of Mac malware.

It is not known who is responsible for the creation of FruitFly and whether it targets individuals directly or at random.

Via: ArsTechnica


Comments are closed.