Mac Malware Caught Spying on Computer Users


The malware relies on functions that were retired long ago and uses a crude method to remain installed once a Mac is infected. An attacker can even remotely kill the malicious program's process entirely to avoid the possibility of being detected by a suspicious victim. "Its features had looked like they were actions that would support interactivity: it had the ability to alert the attacker when users were active on the computer, it could simulate mouse clicks and keyboard events". As demonstrated by the backup servers, the Macs remained susceptible to spying by anyone who took the time to register one of the hardcoded domains.

Armed with his Python-based command and control scripts, he registered some domains, and fired up his servers.

"I thought - 'f**k!' - I have to be responsible here", he said. In the meantime you can read the full ZDNet article here. "I just logged the connections and parsed the computer names, then closed the connection", he said.

Ninety percent of the users that connected to the C&C servers were located in the United States, and most were individual users rather than groups such as companies or research firms as the early reports had indicated.

But questions remain over where the malware came from, and what purpose it serves. Instead, he believed the malware was the work of a single hacker using the malicious tool to spy on people. Compared to newer, more sophisticated malware, Fruitfly is much easier to detect.

Wardle also discovered in his exploration of the malware that it is still present and active on infected computers.

It has infected almost 400 victims, mostly in the USA - though there could be more infections out there - and Wardle has shared his findings with law enforcement.

One of the interesting aspects of the latest Fruitfly variant is that it flew under the radar for so long. "This is just another illustration that Macs are just as vulnerable as any other computer". Malwarebytes was alerted to it by a system admin who discovered it when he noticed unusual outgoing network traffic. "Most don't even look for this kind of activity".

Through his command and control server, Wardle was able to uncover the capabilities of Fruitfly by making requests of the malware and seeing how it would respond, giving him unprecedented access to the malware.

Wardle is scheduled to speak about the malware at the Black Hat conference in Las Vegas on Wednesday.

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

25 July 2017