Imagine, if you will, that 1 in every 8 U.S. homes contains a camera – and that for years, strangers have been watching the people in those homes without their knowledge or consent. This isn’t some dystopian fantasy – it is exactly what has been happening, for years, to Mac users.
Earlier in 2017, security experts identified a previously unknown piece of Mac-specific malware, dubbed FruitFly, that can control a device’s webcam, recording users in the real world and taking screenshots of their computer activities. Worse, it seems that FruitFly doesn’t come in just one strain; there are potentially dozens of varieties of FruitFly, all with variations in their code to make them more difficult to detect. Perhaps most jarring of all, FruitFly isn’t new: Experts believe the techniques date back to 2014 – or before – meaning infected Macs have been functioning as one hacker’s espionage tools for years.
The Buzz About FruitFly
Security firm Malwarebytes was the first to uncover evidence of a new, potentially sinister bit of malware back in January 2017. Experts noticed some strange network traffic coming from a Mac computer, and upon investigation, they discovered a relatively simple program that was producing confusing yet dangerous results.
Unsurprisingly to researchers, the malware relies on two unsophisticated yet effective techniques for persistence: a hidden file and a launch agent. These allow the malware to remain undetected within the Mac operating system for some time, running secretly in the background while users continue their day-to-day computing. While these techniques aren’t noteworthy, some of the malware’s commands are utterly baffling – not in their complexity, but in their datedness. Some of the functions date back to pre-OS X, and others rely on code that hasn’t been updated since 1998. Experts aren’t certain they can trace the malware back 20 years, but there is some indication FruitFly has existed at least since early 2014.
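The pairing described above, a launch agent that starts a hidden file, is something a defender can audit for directly. The following Python code is an added example, not code from the original article or from Malwarebytes; it parses every launch agent in a directory and flags those whose command points at a hidden path. All agent names and paths in the sample data are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

def hidden_parts(arg):
    """Path components that begin with a dot, i.e. hidden from Finder and plain `ls`."""
    if "/" not in arg:          # not a path (e.g. a flag such as "-c")
        return []
    return [p for p in Path(arg).parts if p.startswith(".") and p not in (".", "..")]

def job_command(job):
    """The command line launchd would run: Program first, then ProgramArguments."""
    cmd = [job["Program"]] if isinstance(job.get("Program"), str) else []
    args = job.get("ProgramArguments")
    if isinstance(args, list):
        cmd += [a for a in args if isinstance(a, str)]
    return cmd

def audit_launch_agents(directory):
    """Return (plist name, reason, offending paths) for each agent worth a manual look."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)       # handles XML and binary plists
        except Exception:                      # malformed or truncated file
            findings.append((path.name, "unparseable plist", []))
            continue
        if not isinstance(job, dict):
            continue
        hidden = [a for a in job_command(job) if hidden_parts(a)]
        if hidden:
            auto = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
            reason = "hidden target, starts automatically" if auto else "hidden target"
            findings.append((path.name, reason, hidden))
    return findings

def demo():
    """Run the audit over constructed sample agents (all names and paths are made up)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
                                      "Program": "/usr/local/bin/updater"},
        "com.example.helper.plist": {"Label": "com.example.helper", "RunAtLoad": True,
                                     "ProgramArguments": ["/Users/alice/.helper"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            (Path(tmp) / name).write_bytes(plistlib.dumps(job))
        (Path(tmp) / "com.example.broken.plist").write_bytes(b"not a plist")
        return audit_launch_agents(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real Mac, `audit_launch_agents` can be pointed at `~/Library/LaunchAgents` (expanded to a full path). A hit is a lead for manual review rather than proof of infection, since some legitimate software also keeps its files in hidden directories.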
The malware seems to be interested in only two actions: taking screenshots and commandeering the webcam. Unfortunately, these actions can be devastating, depending on the user’s behavior. There are many examples of hackers using illicit images of users to blackmail them into sending money or worse, and screenshots of sensitive data can be exceptionally profitable, as well. Yet, users infected by FruitFly haven’t recognized this kind of fraud or extortion. Since the malware doesn’t include typical cybercrime features, like keyloggers, adware, or ransomware, experts are somewhat baffled by what is going on.
Further investigation into the malware determined that 90 percent of infections occur on Mac computers within the U.S. As yet, experts have identified at least 400 discrete cases, but it is likely that this is only a small percentage of the true number of infections. The second-identified variant of FruitFly seems limited to individuals’ computers, as opposed to the first variant, which is primarily present on devices within biomedical research centers and colleges. This could be a clue to FruitFly’s purpose: The malware may be a simplistic spy tool used to gather intel on confidential medical tech. However, most experts believe it is a sneaky way to watch regular people. Regardless of its purpose, FruitFly is a danger to cybersecurity, and all Mac users should know how to eliminate it.
How to Swat FruitFly Fast
While FruitFly may be old, it still contributes to Mac users’ growing uneasiness concerning Apple security. The fact is Macs aren’t nearly as secure as everyone once believed. Indeed, instances involving Mac malware increased by 744 percent in 2016, according to McAfee, another cybersecurity firm. While most of the new malware consists of annoying ads, FruitFly demonstrates that it can be much, much worse.
Unfortunately, FruitFly is nearly undetectable on users’ machines, which means users might already be infected and not realize it. The best way to stay protected against new infections is to download the latest OS updates and up-to-date security programs with antivirus for Mac. Some security programs are equipped to detect and eliminate old and new variants of the malware, which means it is vital that users don’t rely on freeware or otherwise untrustworthy security software. Users can also download tools that notify them when the webcam or microphone becomes active, but this is a secondary precaution best taken after stronger cybersecurity defenses are in place.
FruitFly is just the beginning of a revolution for Mac malware, and the sooner Mac users recognize the need for security programs and practices, the better.