A new variant of a macOS malware family originally detected in early 2017 has been discovered, and it can reportedly spy on the host computer and steal sensitive files. Worse, the malware, dubbed 'Fruitfly,' went undetected for years.
According to a report by ZDNet, Apple has already issued a patch for the original version of Fruitfly, but newer iterations have since emerged. In an analysis by Patrick Wardle, chief security researcher at Synack and a former NSA hacker, the code suggests that Fruitfly was developed many years ago, yet it was found to work well on modern versions of macOS, including Yosemite. It also uses a Command & Control (C&C) server, which directs what the program does on the victim's computer.
Furthermore, Wardle discovered that Fruitfly can essentially take over an infected system: controlling the keyboard and mouse, taking screenshots, running background processes, discreetly turning on the webcam, and modifying and stealing files. To remain undetected, it can even terminate its own process on the system.
"The most interesting feature is that the malware can send an alert when the user is active," said Wardle. "I haven't seen that before." He also observed that when the malware connects to its server, it reports the infected machine's IP address, the user's name, and the computer name. 90% of the victims were found to be in the US.
The researcher further speculates that the malware infects machines via malicious email attachments. "You have to realize that this kind of re-exposes the fact that you can be an ordinary person and still be a victim of a really insidious attack," Wardle stated. "This is just another illustration that Macs are just as vulnerable as any other computer."
Apple has not yet publicly commented on the matter.