“A mysterious piece of malware has been infecting hundreds of Mac computers for years — and no one noticed until a few months ago,” Lorenzo Franceschi-Bicchierai reports for Motherboard. “Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as ‘unique’ and ‘intriguing.’ It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as ‘FruitFly.’”

“On the surface, the malware seemed ‘simplistic.’ It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained ‘ancient’ functions and ‘rudimentary’ remote control capabilities, Malwarebytes’s Thomas Reed wrote at the time,” Franceschi-Bicchierai reports. “The second version of FruitFly is even more puzzling, according to Patrick Wardle, the former spy agency hacker who now develops free security tools for Apple computers and researches Mac security for the firm Synack. Wardle told Motherboard in a phone call that when he first discovered FruitFly 2, no anti-virus software detected it. More surprisingly, it looks like it has been lurking around for five or 10 years and infected several hundred users.”

Franceschi-Bicchierai reports, “FruitFly and FruitFly 2 are also mysterious: Neither Reed nor Wardle knows its mechanism of infection — whether it takes advantage of a flaw in MacOS’s code, is installed via social engineering, or some other way.”

MacDailyNews Take: If we had to bet, we’d bet on social engineering.

Thomas Reed reports for Malwarebytes that Apple “has released an update that will be automatically downloaded behind the scenes to protect against future infections.”

“Ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent,” Reed reports. “This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”
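The persistence pattern Reed describes (a launch agent whose job points at a hidden, dot-prefixed file) is the kind of thing a defender can audit with a few lines of code. The script below is an added example, not code from Malwarebytes or from the article: it parses launchd property lists with the standard-library `plistlib`, flags any job whose program path contains a hidden component, and notes jobs configured with both `RunAtLoad` and `KeepAlive` (a common persist-and-restart combination). The sample LaunchAgents folder it builds, the labels `com.example.updater` and `com.example.hidden`, and the `~/.client` path are constructed for the demonstration; on a Mac you would run `audit_launch_agents` over `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`.

```python
"""Audit launchd plists for hidden-file persistence (added example, not the article's code)."""
import os
import plistlib
import tempfile
from typing import Dict, List


def program_path(plist: dict) -> str:
    """Return the executable a launchd job runs: `Program`, else `ProgramArguments[0]`."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else ""


def is_hidden_path(path: str) -> bool:
    """True if any component of the path is dot-prefixed (hidden from Finder and plain `ls`)."""
    expanded = os.path.expanduser(path)
    return any(part.startswith(".") and part not in (".", "..")
               for part in expanded.split(os.sep) if part)


def audit_launch_agents(directory: str) -> List[Dict[str, str]]:
    """Parse every .plist in `directory` and return a finding per suspicious job."""
    findings: List[Dict[str, str]] = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        full = os.path.join(directory, name)
        try:
            with open(full, "rb") as fh:
                plist = plistlib.load(fh)
        except Exception as exc:  # an unparseable plist in a launch folder is itself worth a look
            findings.append({"plist": full, "program": "", "reason": f"unparseable: {exc}"})
            continue
        prog = program_path(plist)
        reasons = []
        if is_hidden_path(prog):
            reasons.append("program path contains a hidden (dot-prefixed) component")
        if plist.get("RunAtLoad") and plist.get("KeepAlive"):
            reasons.append("RunAtLoad+KeepAlive (starts at login and is restarted if killed)")
        if reasons:
            findings.append({"plist": full, "program": prog, "reason": "; ".join(reasons)})
    return findings


def build_sample_dir() -> str:
    """Constructed sample LaunchAgents folder: one ordinary job and one hidden-file job."""
    d = tempfile.mkdtemp(prefix="launchagents_")
    benign = {  # constructed: an app updater living in a normal, visible location
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
        "RunAtLoad": True,
    }
    suspicious = {  # constructed: a job launching a dot-prefixed file in the home folder
        "Label": "com.example.hidden",
        "ProgramArguments": ["~/.client", "--daemon"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for label, body in ((benign["Label"], benign), (suspicious["Label"], suspicious)):
        with open(os.path.join(d, f"{label}.plist"), "wb") as fh:
            plistlib.dump(body, fh)
    return d


if __name__ == "__main__":
    # Prefer the real user LaunchAgents folder when present; otherwise use the constructed sample.
    target = os.path.expanduser("~/Library/LaunchAgents")
    if not os.path.isdir(target):
        target = build_sample_dir()
    for finding in audit_launch_agents(target):
        print(f"{finding['plist']}: {finding['program'] or '(none)'} -> {finding['reason']}")
```

The check is deliberately narrow: a visible program path is not proof of legitimacy, and a hidden one is not proof of infection, but a launch agent pointing into a dot-directory under the home folder is exactly the "easy to spot" signal Reed refers to and belongs on any baseline review of a Mac, alongside the unusual network traffic he mentions.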

“The only reason I can think of that this malware hasn’t been spotted before now is that it is being used in very tightly targeted attacks, limiting its exposure. There have been a number of stories over the past few years about Chinese and Russian hackers targeting and stealing US and European scientific research,” Reed reports. “Although there is no evidence at this point linking this malware to a specific group, the fact that it’s been seen specifically at biomedical research institutions certainly seems like it could be the result of exactly that kind of espionage.”

