Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Desktops (Apple)

Mysterious Mac Malware Has Infected Hundreds of Victims For Years (vice.com) 128

An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.
This discussion has been archived. No new comments can be posted.

Mysterious Mac Malware Has Infected Hundreds of Victims For Years

Comments Filter:
  • by Anonymous Coward

    "I got [insert anti-virus here] and it has never found anything on [linux;mac os;*nix]?

    And you want to argue why they are wrong and when you do, it goes over their heads.

  • 400 over 10 years? (Score:5, Insightful)

    by Anonymous Coward on Monday July 24, 2017 @12:29PM (#54868073)

    More Window$ PCs were infected by malware while reading this post.

  • by 605dave ( 722736 ) on Monday July 24, 2017 @12:43PM (#54868187) Homepage

    I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet. As is iOS over Android.

    Linux isn't an option for me or most users on the desktop. Too complicated for average users, and for those who rely on creative apps no real options. (please don't tell me about open source alternatives to Photoshop, ProTools etc, they aren't as good. Apple products are not bullet proof, but I still believe for the average user and creative types they are the best option security wise.

    • Mac users (please not saying all but the majority) are in the own little world. I do not like Apple products and these folks really believe MacOSX is superior, never has problems and when they do they are easy to fix, innovate beyond everyone, and that we Linux and Windows users are stupid or cheap because we don't know any better.

      Supporting Microsoft Office and Skype are a nightmare on the mac. In Windows if something is corrupt you uninstall and reinstall. Not on a Mac. Outlook 2016 stores its mail profil

      • by 605dave ( 722736 )

        I never said Windows and Linux users were idiots, I said that the Mac was a better option on security issues for average users.

      • While you are in finder, enter in command + shift + period. Suddenly you can see all the hidden files and folders. Although it is predictably Apple that there wouldn't be an option or a checkbox for letting you view hidden files and folders.
      • by Jeremi ( 14640 )

        Supporting Microsoft Office and Skype are a nightmare on the mac.

        I'm not sure it's MacOS/X's fault if Microsoft's application software is lousy. (although FWIW Skype runs great on my Mac, and I while I rarely use Microsoft Office on my Mac, the few times I have used it, it didn't cause me any trouble)

    • by mjwx ( 966435 )

      I think Mac users stopped saying the Mac was immune about 10 years ago. My take on it is that out of the two major desktop options, Windows and Mac, the Mac is the safer bet.

      Apple are still running the old "we're immune to malware" line in their advertisement. Of course they use weasel words like saying they meant "windows malware, not malware designed for macs" in the fine print. Almost every Mac user I've met still parrots the "immune to viruses" line even though viruses haven't been a real threat for ages (worms and other malware took over ages ago).

      As for it being the safer OS... That hasn't been the case since Vista, take both OS's, Windows 10 and the latest version of

  • Shouldda got Windows (*slap* *slap* *slap*...)

  • Stalker Malware? (Score:5, Interesting)

    by mykepredko ( 40154 ) on Monday July 24, 2017 @01:01PM (#54868323) Homepage

    With the very low number of infections and the monitoring of the user through like the webcam, I would think this is a case where looking at the owners of the infected Macs would yield a lot more information about the author and its purpose.

    I wouldn't be surprised if this was on the Macs of individuals who have had issues with stalkers in the past.

    • by swb ( 14022 )

      I think the researcher should have at minimum done some kind of geomapping of the IPs responding to his C&C domain to see if there was a geographic pattern to the infections.

      This kind of sounds like the work of a skilled amateur who didn't intend for this to spread much, like they were targeting a narrow group or place, maybe even one person and it just happened to spread but was limited by only spreading through USB drives or something.

      For all we know, it could have just been a proof of concept somebod

      • by mikael ( 484 )

        400 people would be enough for a particular web forum. I've noticed that some animation 3D freeware (autoriggers) had viruses/worms/trojans built in. Ironically, the zip and tar files are archived at archive.org

      • Interestling enough, the IP address the malware communicate with is from AT&T

        Parsing input: 99.153.29.240
        Routing details for 99.153.29.240
        [refresh/show] Cached whois for 99.153.29.240 : abuse@att.net
        Using abuse net on abuse@att.net
        abuse net att.net = abuse@att.net
        Using best contacts abuse@att.net

    • I was thinking the same. Simple victim analysis should reveal the commonality one needs to answer any questions.
    • by AHuxley ( 892839 )
      National, international? Nation funded? Or something got out into the wild?
  • by methano ( 519830 ) on Monday July 24, 2017 @01:04PM (#54868337)
    If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.
    • If it's MALware, doesn't it have to do something MALicious? I can't see what this stuff does that is bad. It just sits around watching what you do and doesn't bother you. Nobody even noticed it for years. I think it should be called PALware, like some guy who comes over and sits in your garage and watches while you work on your car. A real PAL. And it doesn't even drink your beer.

      Wait! I thought that Apple placed an LED in parallel with the Power to the Camera Module; so it COULDN'T be turned-on without also lighting the little LED next to it.

    • No, no, no, Mal DOES come over and sit in your garage (well, technically a hangar) and drink your beer. You see, they actually, they got the name of THIS code wrong. This is not Fruitfly, it's actually Firefly and that's why it's Malware...
  • It was written in Perl. Perhaps some Perl regex has become self-aware.

    • by cstacy ( 534252 )

      It was written in Perl. Perhaps some Perl regex has become self-aware.

      The adolescence of Perl 6.

  • I'm a long-time Mac-user and Apple fan in general -- and while I feel far more confident when using MacOS than when using Windows, I also feel that it is folly to try to convince anyone that Macs are somehow immune to computer viruses. The way I see it, you have to be realistic and recognize that your own personal vulnerability to hacking efforts is dependent upon a great number of factors. In fact, just like any other crime, the most obvious factors to consider are means, motive and opportunity.

    Means cou

    • If you support Microsoft Office and do device lockdowns and remote management your opinion of IOS and MacOSX will go drastically down. :-)

      Safari too always has problems when trying to do SharePoint Online. It seems Apple becomes good when Steve Jobs is around and leaves again after he is not present.

  • by Ungrounded Lightning ( 62228 ) on Monday July 24, 2017 @03:53PM (#54869729) Journal

    With a long history, a very small number of infected machines, and no active exploitation, I'd guess it's something someone was playing with that he's abandoned long ago or which "escaped from the lab" but didn't get far.

    One of the hazards of self-propagatng code is that it does so on its own. So if, while under development, it finds a net connection to a set of vulnerable machines, it's out and spreading. Like before the command-and-control is debugged and/or the payload is ready to do its dirty work. (Thus it may be much nastier than the author(s) inteded.)

    If it's GOOD at spreading it quickly saturates the vulnerable population and comes to the attention of users and security experts. If it's BAD at spreading its escape might not be noticed by the author at all - or by anyone else for years, if at all.

    400 machines and a decade before it's noticed seems about right.

    • Maybe they are in prison, caught for an earlier crime.

      That's my wild theory, and I'm sticking to it.

      • Or, maybe the initial infection got them the information they were looking for right away. Mission accomplished, fledgeling bot-net abandoned.

        • by KGIII ( 973947 )

          No. It's prison. They're in prison for a botched bank robbery. They were caught taking a few cents from thousands of accounts, over a period of 2.6 years. They were sentenced to 18 years in a federal penitentiary, so they'll be out soon.

          Someone should write a fanfic.

    • Possible. Or the author could be aiming for specific targets. Who uses those Macs? Where I work, only high income employees are issued Macs. Directors, management accountants, senior staff, etc. Everyone else is issued PCs. Listening in on meetings, taking screenshots, and recording keystrokes of a few people would be sufficient to gain a competitive advantage.
  • If an infection with "a few hundred" cases is the best example of Mac malware that Malwarebytes can provide, it is hardly a ringing endorsement for putting their product on my machine.

    With so few examples in the wild, my guess is that FruitFly piggybacked onto one of those fake Flash installers that you run into on some of the sketchier websites, or else was installed by a "Mac support specialist" at some Indian call center (yes, there are also websites that target Mac users with the same bogus "Your comput

Whoever dies with the most toys wins.

Working...