Malware creation is increasing, driven by the sheer volume of new types created on a daily basis and the lure of money that can be made through organised internet crime. Originally created as experiments and pranks, malware eventually led to vandalism and the destruction of targeted machines, although nowadays most of it is created for profit. According to new research, biomedical research centres in the U.S. have been infiltrated by Mac malware that may have spread and remained undiscovered for years. Malwarebytes, an antivirus vendor, found the harmful code after an IT administrator discovered unusual network traffic emanating from an infected Mac.
According to a blog post by Malwarebytes, the malware, dubbed Fruitfly by Apple, is designed to access the webcam, take screen captures and simulate mouse clicks and key presses, facilitating remote control by a hacker. Neither Apple nor the security firm has been able to pinpoint how the malware has been spreading. Malwarebytes researcher Thomas Reed said that the malware designer depended on “ancient” coding functions, dating back to before the Mac OS X operating system, which was launched in 2001. Fruitfly can also run on Linux. Reed attempted to run the malware on a Linux machine and, except for the Mac-specific code, everything “ran just fine”. Reed added that the old code together with the Linux commands indicates that the creators of the malware perhaps did not “know the Mac very well and were relying on old documentation” in order to create it.
According to security researchers, Mac malware is fairly uncommon because hackers generally aim to attack the majority of devices, which are Windows-based. Reed also said that this specific malware is easy to recognise as it comes in two files, one of which acts as a launch agent. However, evidence found by Malwarebytes suggested that Fruitfly had been infecting Macs for at least a few years without users being aware of it. For example, a change was made to the malicious code to address OS X Yosemite, which was launched in October 2014. According to Reed, it is possible this malware has remained hidden because it has been used “in very tightly targeted attacks, limiting its exposure”. The theory is that because biomedical research institutions were targeted, the malware was designed for espionage. As soon as a Mac is infected, the malware will also try to capture information on local networks and other devices connected to it. Thankfully, Apple has released an update that protects Macs from being infected by Fruitfly.