Apple appears to have nixed the “Fruitfly” malware strain.
The malware, which has since been patched, relied on antiquated code predating OS X. Despite its age, Fruitfly had been used in real-world attacks on biomedical research groups, according to security software maker Malwarebytes.
Fruitfly operated by communicating with two command-and-control servers and could perform actions such as typing, capturing webcam and screen images, and moving and clicking the mouse cursor, Malwarebytes said in a blog post on Wednesday. It also mapped other devices on the network and tried to connect to them.
What made Fruitfly interesting was that it relied on pre-OS X system calls, and even open-source “libjpeg” code not updated since 1998. Much of the software is said to be Linux-compatible, possibly suggesting the existence of a native variant. Related Windows executables are said to exist, but date back to at least 2013.
Malwarebytes stated that the software, although older, did include a comment referring to a change made in OS X Yosemite, which Apple released in 2014.
Malwarebytes didn’t elaborate on the alleged biomedical attacks, except to say there’s no evidence linking them to a specific group. Chinese and Russian hackers have, however, been known to steal American and European scientific data.
While serious malware threats tend to be rare on the Mac, Apple has instituted a bug bounty program that offers rewards to developers and others interested in security for the bugs they discover.
Stay tuned for additional details as they become available.
Via AppleInsider and Malwarebytes