A mysterious piece of malware has been infecting hundreds of Mac computers for years and went unnoticed until a few months ago.
Earlier this year, an ex-NSA hacker started looking into a piece of malware that has been described as “unique” and “intriguing.” The strain was slightly different from the one discovered on four computers earlier this year. The malware, discovered by security firm Malwarebytes, is known as “FruitFly.”
The strain of malware seemed “simplistic” to the researchers at first. However, it was programmed mainly to stealthily monitor users through their webcams, capture screenshots, and log keystrokes.
Strangely, the malware went undetected until 2015, with no indication of who could be behind it, and it contained “ancient” functions and “rudimentary” remote control capabilities, according to Malwarebytes’ Thomas Reed.
Now, according to Patrick Wardle, the second version of FruitFly is even more puzzling. Wardle, a former spy agency hacker who now develops free security tools for Apple computers and researches Mac security for Synack, told Motherboard in a phone call that when he discovered FruitFly 2, no anti-virus software detected it. It looked like it had been snooping around for five to 10 years and nobody had made any fuss about it.
Both FruitFly and FruitFly 2 remain mysterious, and neither of the security researchers, Reed or Wardle, knows their mechanism of infection: whether it takes advantage of some flaw in macOS code, is installed via social engineering, or spreads some other way. The number of affected users as of now is in the hundreds, but it is known that it could be more than that, as Malwarebytes had limited visibility into FruitFly 1, and Wardle saw only a portion of the computers infected by FruitFly 2.