Mysterious Mac Malware Has Infected Hundreds of Victims For Years (vice.com) 128
An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.
Re: (Score:2)
"Because an apple is a fruit" is too complex for your brain? ;)
Re:Fruitfly (Score:4, Funny)
Or because fruit flies like an apple?
Re: (Score:2)
Re: (Score:2)
yeah but Macs are made by Apple so...
Re: (Score:2)
Or is that time flies like a banana?
N.B. Do not attempt to decode previous joke unless you are familiar with the history of natural language processing.
Re: (Score:2)
Or is that time flies like a banana?
N.B. Do not attempt to decode previous joke unless you are familiar with the history of natural language processing.
It is hard to wreck a nice beach!
(And you don't need semantic prediction for that!)
Re: Fruitfly (Score:2)
Re: (Score:2)
Or maybe a Time Capsule flies like an Apple?
Re: (Score:2)
How many of you guys had to hear this: (Score:1)
"I got [insert anti-virus here] and it has never found anything on [linux;mac os;*nix]?
And you want to argue why they are wrong and when you do, it goes over their heads.
Re: (Score:2)
http://www.dailymail.co.uk/sci... [dailymail.co.uk]
People in glass houses shouldn't throw stones
400 over 10 years? (Score:5, Insightful)
More Window$ PCs were infected by malware while reading this post.
Re: (Score:2)
Soon as he registered the backup domain... 400 computers connected to report. Machine should be logging IP connections in general, perhaps daily counts, in particular, failed connections.
Re: (Score:2, Funny)
Guys! Stop reading his post! You're infecting Windows PCs!
Re: (Score:2)
More Window$ PCs were infected by malware while reading this post.
this should be +5 informative, because it is true.
Re: (Score:2)
Yet it isn't, and it isn't.
Because you are wrong, and you are extremely wrong.
http://www.pcworld.com/article... [pcworld.com]
Re: (Score:2)
Really slashdot? Aren't we over this phase? It's 2017, it's an interesting article. The "but but but Micro$hit!" stuff isn't needed.
Mac, Windows and Linux users are all coming here and always have.
Re: (Score:1)
Re: (Score:2)
Best bet, but nothing is secure (Score:5, Interesting)
I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet. As is iOS over Android.
Linux isn't an option for me or most users on the desktop. Too complicated for average users, and for those who rely on creative apps no real options. (please don't tell me about open source alternatives to Photoshop, ProTools etc, they aren't as good. Apple products are not bullet proof, but I still believe for the average user and creative types they are the best option security wise.
Re: (Score:1)
uh..... no one except you thought that. he said they were "creative apps". you're an idiot.
slashdot = stagnated
Re:Best bet, but nothing is secure (Score:5, Informative)
Since when were Pro Tools and Photoshop Apple products?
He never suggested they were. He merely said that there were "no real options" for alternatives to those apps on Linux, a claim to which you provided no counterexamples. Then again, suggesting there are "no real options" sounds like a setup for a No True Scotsman fallacy, so I'm not sure that you would have been able to suggest anything to his satisfaction anyway.
Re: (Score:2)
I have just built a spare PC for dedicated Ubuntu use (14.04 LTS) to use for RNN data crunching.
In an effort to see if it would be suitable for general use, I needed to replace but only two Windows-only software packages.
Lightroom, and to a lesser extent PhotoShop.
PhotoShop, for my very lightweight use, is easily duplicated in GIMP.
Lightroom is far trickier. I've tried Corel's Aftershot Pro 3, but the general UI is ripped right from Windows and just importing images is a pain (for example, it doesn't seem m
Re: (Score:3)
Check out "darktable", it's a lightroom clone.
I poked at it a bit in one of my VMs, and it seems to work pretty decent... the only real complaints I had were the sliders being harder to grab, the mause grab area on each slider seems to be much smaller and more finicky than lightroom. I haven't tried importing, but if your camera is supported for USB transfer I would think it should be able to be poked enough to work.
Re: Best bet, but nothing is secure (Score:2)
faffaholics anonymous (Score:2)
His satisfaction is quite irrelevant. Unless you believe that Any True Scotsman would faff around indefinitely to shave one more nickle off the purchase price.
What matters here is his prospective utility: his net upside after the huge investment to research the alternatives, reinvent his established workflow, lear
Re: (Score:2)
You should try this new "reading comprehension" thing sometime. It's pretty awesome. The rest of us enjoy it quite a bit.
Re: (Score:2)
Mac users (please not saying all but the majority) are in the own little world. I do not like Apple products and these folks really believe MacOSX is superior, never has problems and when they do they are easy to fix, innovate beyond everyone, and that we Linux and Windows users are stupid or cheap because we don't know any better.
Supporting Microsoft Office and Skype are a nightmare on the mac. In Windows if something is corrupt you uninstall and reinstall. Not on a Mac. Outlook 2016 stores its mail profil
Re: (Score:2)
I never said Windows and Linux users were idiots, I said that the Mac was a better option on security issues for average users.
Re: (Score:3)
Re: (Score:2)
Supporting Microsoft Office and Skype are a nightmare on the mac.
I'm not sure it's MacOS/X's fault if Microsoft's application software is lousy. (although FWIW Skype runs great on my Mac, and I while I rarely use Microsoft Office on my Mac, the few times I have used it, it didn't cause me any trouble)
Re: (Score:2)
I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet.
Apple are still running the old "we're immune to malware" line in their advertisement. Of course they use weasel words like saying they meant "windows malware, not malware designed for macs" in the fine print. Almost every Mac user I've met still parrots the "immune to viruses" line even though viruses haven't been a real threat for ages (worms and other malware took over ages ago).
As for it being the safer OS... That hasn't been the case since Vista, take both OS's, Windows 10 and the latest version of
Re: (Score:2)
I am not convinced that is the case. Appleised Darwin on native hardware has a few features that most other machines don't. Just unplugging the thing resets the UEFI for just one thing.
Given Apples regular updates and generalised resistance, I feel I am not likely to get caught by a virus before Apples obliterates is infection mechanism with an update.
Either way is a gamble, with a Time Machine back up that is duplicated off line I feel reasonably safe.
There are no guarantees of safety, the Universe does
I feel like being a mod target today (Score:1)
Shouldda got Windows (*slap* *slap* *slap*...)
Stalker Malware? (Score:5, Interesting)
With the very low number of infections and the monitoring of the user through like the webcam, I would think this is a case where looking at the owners of the infected Macs would yield a lot more information about the author and its purpose.
I wouldn't be surprised if this was on the Macs of individuals who have had issues with stalkers in the past.
Re: (Score:3)
I think the researcher should have at minimum done some kind of geomapping of the IPs responding to his C&C domain to see if there was a geographic pattern to the infections.
This kind of sounds like the work of a skilled amateur who didn't intend for this to spread much, like they were targeting a narrow group or place, maybe even one person and it just happened to spread but was limited by only spreading through USB drives or something.
For all we know, it could have just been a proof of concept somebod
Re: (Score:2)
400 people would be enough for a particular web forum. I've noticed that some animation 3D freeware (autoriggers) had viruses/worms/trojans built in. Ironically, the zip and tar files are archived at archive.org
Re: (Score:2)
Interestling enough, the IP address the malware communicate with is from AT&T
Parsing input: 99.153.29.240
Routing details for 99.153.29.240
[refresh/show] Cached whois for 99.153.29.240 : abuse@att.net
Using abuse net on abuse@att.net
abuse net att.net = abuse@att.net
Using best contacts abuse@att.net
Re: Stalker Malware? (Score:1)
Re: (Score:2)
Where's the "Mal"? (Score:3)
Re: (Score:2)
If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.
Wait! I thought that Apple placed an LED in parallel with the Power to the Camera Module; so it COULDN'T be turned-on without also lighting the little LED next to it.
Re: (Score:1)
Never understood why webcams can't have shutters you manually slide out of the way.
Because that would cost about four cents per unit, eroding profits.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
It was written in Perl. Perhaps some Perl regex has become self-aware.
The adolescence of Perl 6.
Mac "advocacy" vs. Mac realism (Score:2)
I'm a long-time Mac-user and Apple fan in general -- and while I feel far more confident when using MacOS than when using Windows, I also feel that it is folly to try to convince anyone that Macs are somehow immune to computer viruses. The way I see it, you have to be realistic and recognize that your own personal vulnerability to hacking efforts is dependent upon a great number of factors. In fact, just like any other crime, the most obvious factors to consider are means, motive and opportunity.
Means cou
Re: (Score:2)
If you support Microsoft Office and do device lockdowns and remote management your opinion of IOS and MacOSX will go drastically down. :-)
Safari too always has problems when trying to do SharePoint Online. It seems Apple becomes good when Steve Jobs is around and leaves again after he is not present.
Re: Mac "advocacy" vs. Mac realism (Score:1)
It's interesting that your problems with Macs seem to be connected to Microsoft products.
Abandonware or an escaped experiment? (Score:4, Interesting)
With a long history, a very small number of infected machines, and no active exploitation, I'd guess it's something someone was playing with that he's abandoned long ago or which "escaped from the lab" but didn't get far.
One of the hazards of self-propagatng code is that it does so on its own. So if, while under development, it finds a net connection to a set of vulnerable machines, it's out and spreading. Like before the command-and-control is debugged and/or the payload is ready to do its dirty work. (Thus it may be much nastier than the author(s) inteded.)
If it's GOOD at spreading it quickly saturates the vulnerable population and comes to the attention of users and security experts. If it's BAD at spreading its escape might not be noticed by the author at all - or by anyone else for years, if at all.
400 machines and a decade before it's noticed seems about right.
Re: Abandonware or an escaped experiment? (Score:2)
Maybe they are in prison, caught for an earlier crime.
That's my wild theory, and I'm sticking to it.
Re: (Score:1)
Or, maybe the initial infection got them the information they were looking for right away. Mission accomplished, fledgeling bot-net abandoned.
Re: (Score:2)
No. It's prison. They're in prison for a botched bank robbery. They were caught taking a few cents from thousands of accounts, over a period of 2.6 years. They were sentenced to 18 years in a federal penitentiary, so they'll be out soon.
Someone should write a fanfic.
Re: (Score:2)
Hardly a crisis (Score:2)
If an infection with "a few hundred" cases is the best example of Mac malware that Malwarebytes can provide, it is hardly a ringing endorsement for putting their product on my machine.
With so few examples in the wild, my guess is that FruitFly piggybacked onto one of those fake Flash installers that you run into on some of the sketchier websites, or else was installed by a "Mac support specialist" at some Indian call center (yes, there are also websites that target Mac users with the same bogus "Your comput
Re: (Score:3)
Is it really a self-installing virus, or user-installed malware?
Re: (Score:3)
Re: (Score:2)
Considering the age of this thing, it looks like *apparently* the primary Command&Control server is down, based on the fact that the 400 installs connected to the backup address when it came to life.
This makes me wonder if the thing was far more widespr
Re: (Score:2)
Is it really a self-installing virus, or user-installed malware?
With that low of an infection-rate, do you even have to ask?
Re: (Score:2)
Re: (Score:2)
It also looks like its over 10 years old, which probably means a lot of installs have been lost to system wipes, drives being replaced, and even system failures. 10 years is forever in computer years.
So?
Even if 10 "installs" were lost to every one still found, that's still a minuscule infection rate over 10 days, let alone 10 YEARS.
Re: (Score:2)
The interesting thing if it's really that old is that it's highly unlikely that a 10 year old Mac virus would be able to infect newer versions of OSX, simply because backwards compatibility is not important in the Mac world. The article didn't say, but if it's been around 10 years and hasn't been updated, then those 400 computers are some pretty old computers (an eternity in Mac years) that have hung around for some reason, thus the infection must have been much more widespread back in the day.
Re: Guess (Score:1)
Re: (Score:2)
There were some claims in the past made by many people, that Mac's don't get computer virus's. For the most part that was true for a while. As far significance goes, the FruitFly virus is not. However, it is an attack vector. So, Apple needs to fix this problem.
They will.
Re:Guess (Score:4, Insightful)
There were some claims in the past made by many people, that Mac's don't get computer virus's.
That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.
What the Mac is, is more resistant to viruses and malware than say - Windows.
Re: (Score:3)
No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.
By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".
Re: (Score:3)
No. What the Mac is, is more resistant to WINDOWS-based viruses and WINDOWS-based malware.
By it's nature, it's vulnerability to viruses and malware differs from that of Windows. It is NOT, as some dummies would claim, "immune".
Umm, I know you'd like to rage, but while you disagree with me, that's exactly what I said. They aren't immune.
But Windows machines are inherently more vulnerable overall.
I do know I've never cleaned up a virus infected Mac, and most of them run bareback. Windows machines? Many. Now turn off your firewall and Windows defender, please, and let me know how it works out for ya.
Re: (Score:2)
Biggest factor in the Mac malware gambit is still market penetration.
Re: (Score:2)
Biggest factor in the Mac malware gambit is still market penetration.
Which if true, would be a good reason to use one. But no, like it or not, Windows is much more vulnerable,
Re: (Score:2)
No, actually it would eventually become a self-correcting issue.
As market share increases, it's desirability as a target platform goes UP.
Re: (Score:2)
There were some claims in the past made by many people, that Mac's don't get computer virus's.
That's true. It is also completely wrong. ome people claim many things, and some people extrapolate that to many and even everyone. That is also completely wrong.
What the Mac is, is more resistant to viruses and malware than say - Windows.
Maybe,what I said is incomplete?
If so, it was purposeful.
Re: (Score:3)
There were some claims in the past made by many people, that Mac's don't get computer virus's.
Which is particularly funny since I was handed decompiled code to a Mac virus (actually a sneakernet worm) back in the original Mac days. (I don't recall if it was before there WERE IBM PCs, let alone clones, or if it was just before PC malware was known.)
For many years, practiclly the beginnng of their deployment, there were worms, viruses, etc. on both. But those for Mac tended to be (relatively) harmless prank
Re: (Score:2)
IBM PC's had the problem with boot-sector viruses resident on floppy disks. Especially since MS-DOS PC's in university labs didn't have any concept of file ownership.
Re: (Score:2)
Re: (Score:2)
Re: I wondered how many people use Macs... (Score:1)