31 July 2017

ZDNet: “New details emerge on Fruitfly, a near-undetectable Mac backdoor”

Apple released security patches for Fruitfly earlier this year, but variants of the malware have since emerged. The core of the malware is an obfuscated perl script using antiquated code, with indicators in the code that suggest the malware may go back almost half a decade or more, the security firm said. Nevertheless, the malware still works well on modern versions of macOS, including Yosemite. Fruitfly connects and communicates with a command and control server, where an attacker can remotely spy on and control an infected Mac.

He found that he could take complete control of an infected Mac, including its keyboard and mouse, take screenshots of the display, remotely switch on the webcam, and modify files. The malware can also run commands in the background, and even kill the malware’s process altogether – likely in an effort to avoid detection.

Zack Whittaker

If five-year-old malware can successfully infect macOS, what does that say about Apple’s security – or about the level of resources dedicated to macOS development?
