"A lot of Mac users are overconfident in the security of their Mac." But a new strain of malware used for spying is a reminder that even Macs can be compromised.
A nasty piece of Mac malware has been spying on hundreds of victims' computers, and it went unnoticed for years.

After researchers from security firm Malwarebytes discovered an earlier variant of the malware, dubbed Fruitfly by some, infecting four Macs, Apple updated macOS in January to detect it automatically. It is unclear whether Macs running Apple's latest operating system are protected against the current iteration. Both variants capture screenshots, keystrokes and webcam images, along with information about each infected Mac, and report to a command and control server. It is not known who is behind the malware or how it got onto the computers.

One of the researchers studying the new variant is Patrick Wardle, a former NSA hacker who is now chief security officer at Synack. Wardle ruled out a nation-state actor targeting users to intercept data for cyberespionage; instead, he believes the malware is the work of a single hacker using it to spy on people. "I don't know if it's just some bored person or someone with perverse goals", Wardle said. He would not say how many users were affected, but suggested the infection was not widespread, and he believes the hundreds of victims observed so far are only a small subset of those infected. He found no evidence that the malware can be used to install ransomware or to collect banking credentials.

Wardle told Ars Technica that he shared the infected machines' IP addresses and user names with United States law enforcement, who will likely try to contact the users and tell them their computers are compromised.

Before the January revelation of its existence, Fruitfly had apparently been in the wild undetected for several years "because current Mac security software is often rather ineffective", Wardle explained. "We might not be as careful as we should be on the internet or opening up email attachments". According to a report from McAfee, Mac malware skyrocketed in 2016, but most of it was adware rather than targeted spy campaigns.