A new variant of the Fruitfly malware has been found on hundreds of Apple Macs. The malware has been infecting Macs for at least five years while remaining undetected by both macOS and commercial antivirus products. The malware appears to be a variant of a malicious program that was first detected in January.
There are multiple strains of FruitFly. The code is different on each strain, but they use similar spying techniques. Both types of malware capture screenshots, keystrokes, webcam images, and information about the infected Macs. They each also collect information about devices connected to the same network. There has been no evidence found that the malware can be used to install ransomware or collect banking credentials.
The infections are known to number nearly 400 and could possibly be much higher. The infection appears to concentrate on home users, not businesses, and as many as 90 percent of the victims were in the U.S. The malware relies on functions that were retired long ago, but remains installed once a Mac is infected. Researchers found the code was modified to work on the Mac Yosemite operating system, which was released in October 2014.
Although the method of infection remains unknown, it is believed to involve tricking users into clicking on malicious links. The exact purpose of the malware is also unclear. The findings have been reported to law enforcement officials. When contacted for comment, he FBI said it does not confirm or deny the existence of investigations.
Mac users typically think they’re immune to malware. Although Mac malware is considerably less widespread than Windows, it still exists. According to a McAfee report, Mac malware skyrocketed in 2016, but most of it was adware, not spyware.