Malware "FruitFly" infected hundreds of Macs but went unnoticed for several years


By Wesson Wang

It has come to light that malware targeting macOS, named "FruitFly", infected hundreds of Macs over several years, yet researchers and security experts did not notice it until a couple of months ago.

Mysterious Mac Malware Has Infected Victims for Years - Motherboard
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years


The security company Malwarebytes found malware called "FruitFly" in January 2017. FruitFly is malware programmed to monitor the users of infected Macs through their webcams, capture their screens, and record their keystrokes. It is clear that FruitFly had been infecting Macs for a long period of 5 to 10 years, but it was never detected.

At the same time, the existence of "FruitFly 2", which can be described as a variant of FruitFly, has also come to light. It is unknown who spread these programs or what they were aiming at.


According to Patrick Wardle, a former spy agency hacker who now develops a free security tool for Apple systems, "FruitFly 2", a variant of FruitFly found in 2017, reportedly cannot be detected by antivirus software. Even more surprisingly, FruitFly 2 has been found to have lurked on Macs for a long period of 5 to 10 years, and it has become apparent that hundreds of Macs were infected worldwide.

According to Wardle and others investigating FruitFly and FruitFly 2, the infection method of FruitFly is unknown: it is not clear whether it exploits a flaw in macOS code or is installed through social engineering or some other method. In addition, Apple does not appear to have commented on FruitFly, and the news outlet Motherboard says, "I do not know if the Mac is still in danger."

Mr. Wardle has published a list of FruitFly victims on his Twitter account, and the number of people infected is about 400.


According to Mr. Wardle, he found that FruitFly 2 is programmed to send data back to the hacker or hackers controlling it through a backup server when the main server is down. He then analyzed this strange malware by registering a backup domain and infecting his own virtual machine with FruitFly.

According to Wardle and others, the path by which FruitFly infects Macs is unclear at the moment, but because it gives the impression of not being refined, it does not appear to have been made by a nation state. In addition, although some of the infected Macs are reportedly in research facilities, most are ordinary users' machines, and 90 percent of the infected are residents of the United States or Canada.

FruitFly also does not appear to be interested in demanding money or in stealing credit card numbers or passwords. Mr. Wardle describes FruitFly and FruitFly 2 as "made for surveillance," but FruitFly 2 has functions that allow it to move the mouse cursor and remotely control the keyboard, so it is capable of more advanced activity than FruitFly. FruitFly is malware written in Perl, a language that has long been used by malware.


"Using FruitFly is not a spy or cyber criminal, FruitFly did not fit those types," Mr. Wardle said. He added, "I have to be truly cautious when I use computers with my computer, and they are not safe because the terminals I use are not Mac."

Mr. Wardle is going to talk about FruitFly 2 at Black Hat and Def Con, which will be held in Las Vegas.

in Software,   Security, Posted by logu_ii