Fruitfly Malware Can Control a Mac’s Webcam and Keyboard
A piece of malware designed for macOS was identified earlier this year, and another variant has now emerged. Although reports initially described it as a new variant, further investigation revealed that the malware has been active for years and went undetected the whole time.
According to reports, Apple has released a patch for the malware, termed Fruitfly. However, newer variants have already emerged. In an analysis by Patrick Wardle, chief security researcher at Synack and former NSA hacker, Fruitfly was found to have been in development for years, yet it works well on newer versions of macOS. It also uses a command-and-control (C&C) server that directs what the malware does on the affected machine. Wardle also revealed that the malware can completely take over the infected system and carry out actions including controlling the keyboard and mouse, taking screenshots, running background processes, discreetly turning on the webcam, and modifying and stealing files. To remain undetected, it can even terminate its own process on the system.
“The most interesting feature is that the malware can send an alert when the user is active,” said Wardle. “I haven’t seen that before.” He also observed that when the malware connects, the IP address, the user’s name, and the computer name are displayed. 90% of the victims were found to be in the US.
Wardle has said that the malware most likely infects systems through malicious email attachments. “You have to realize that this kind of re-exposes the fact that you can be an ordinary person and still be victim of a really insidious attack,” Wardle stated. “This is just another illustration that Macs are just as vulnerable as any other computer.” Apple had not made a statement about the malware as of the publication of this article.