“A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research,” Michael Kan reports for IDG News Service.
“Antivirus vendor Malwarebytes uncovered the malicious code, after an IT administrator spotted unusual network traffic coming from an infected Mac,” Kan reports. “The malware, which Apple calls Fruitfly, is designed to take screen captures, access the Mac’s webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker, Malwarebytes said in a blog post on Wednesday.”
“Malwarebytes found evidence suggesting that Fruitfly has been infecting Macs undetected for at least few years. For instance, a change made to the malicious coding was done to address OS X Yosemite, which was launched in Oct. 2014,” Kan reports. “Reed said this malware has remained undetected probably because it’s been used ‘in very tightly targeted attacks, limiting its exposure.’ Apple has already released an update that protects Macs from Fruitfly infections.”
Read more in the full article here.
“The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac. This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers,” Thomas Reed explains for Malwarebytes. “The malware was extremely simplistic on the surface, consisting of only two files.”
~/.client
SHA256: ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044
~/Library/LaunchAgents/com.client.client.plist
SHA256: 83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3
“These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days,” Reed writes. “In addition, the binary also includes the open source libjpeg code, which was last updated in 1998… There is a comment in the code in the macsvc file that indicates that a change was made for Yosemite (Mac OS X 10.10), which was released in October of 2014. This suggests that the malware has been around at least some time prior to Yosemite’s release.”
Read more in the full article here.
MacDailyNews Take: Yet another example of why we’ve been taping our Macs’ iSight cameras for years!
SEE ALSO:
How to get an alert in macOS when an app accesses the webcam or microphone – October 7, 2016
Former NSA staffer demonstrates Mac malware that can tap into live webcam and mic feeds – October 6, 2016
Mark Zuckerberg covers his MacBook’s camera and microphone with tape – June 22, 2016
How to disable the iSight camera on your Mac – February 19, 2015
Orwellian: UK government, with aid from US NSA, intercepted webcam images from millions of users – February 27, 2014
Sextortion warning: It’s masking tape time for webcams – June 28, 2013
Research shows how Mac webcams can spy on their users without warning light – December 18, 2013
Ex-official: FBI can secretly activate an individual’s webcam without indicator light – December 9, 2013
Lower Merion report: MacBook webcams snapped 56,000 clandestine images of high schoolers – April 20, 2010