Mac malware undetected for years allows webcam photos, key-logging, and more

“A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years,” Dan Goodin reports for Ars Technica. “The infections — known to number nearly 400 and possibly much higher — remained undetected until recently and may have been active for almost a decade.”

“Patrick Wardle, a researcher with security firm Synack, said the malware is a variant of a malicious program that came to light in January after circulating for at least two years,” Goodin reports. “Dubbed Fruitfly by some, both malware samples capture screenshots, keystrokes, webcam images, and information about each infected Mac. Both generations of Fruitfly also collect information about devices connected to the same network. After researchers from security firm Malwarebytes discovered the earlier Fruitfly variant infecting four Macs, Apple updated macOS to automatically detect the malware.”

“The variant found by Wardle, by contrast, has infected a much larger number of Macs while remaining undetected by both macOS and commercial antivirus products. After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware,” Goodin reports. “To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States… ‘I don’t know if it’s just some bored person or someone with perverse goals,’ Wardle said. ‘If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons.'”

Read more in the full article here.

MacDailyNews Take: Yet another example of why we’ve been taping our Macs’ iSight cameras for years!

We use camJAMR iSight camera covers on our iMacs and MacBook Airs. They’re removable/reusable. We’ve stuck and unstuck them hundreds of times. We just leave them on and peel them aside when we want to use the iSight camera.

Mysterious Mac malware ‘FruitFly’ has infected hundreds of victims for years – July 24, 2017
Newly discovered Mac/Linux malware ‘Fruitfly’ watches your every move – January 19, 2017
How to get an alert in macOS when an app accesses the webcam or microphone – October 7, 2016
Former NSA staffer demonstrates Mac malware that can tap into live webcam and mic feeds – October 6, 2016
Mark Zuckerberg covers his MacBook’s camera and microphone with tape – June 22, 2016
How to disable the iSight camera on your Mac – February 19, 2015
Orwellian: UK government, with aid from US NSA, intercepted webcam images from millions of users – February 27, 2014
Sextortion warning: It’s masking tape time for webcams – June 28, 2013
Research shows how Mac webcams can spy on their users without warning light – December 18, 2013
Ex-official: FBI can secretly activate an individual’s webcam without indicator light – December 9, 2013
Lower Merion report: MacBook webcams snapped 56,000 clandestine images of high schoolers – April 20, 2010


  1. After researchers from security firm Malwarebytes discovered the earlier Fruitfly variant infecting four Macs, Apple updated macOS to automatically detect the malware.”

    I am glad Apple already has handled it! This sounds like a pretty big intrusion into your computer life….

  2. But the whole world knows that Macs NEVER get viruses and malware!

    We’re not so naive to believe that the low reporting of intrusions on the platform is because hackers simply don’t choose to target the platform because of it’s extremely low % usage in the enterprise world where virus intrusions pay off.’s because MacOS is GENIUS, INPREGNABLE and ABSOLUTELY PERFECT!!! Every non-naive person, like the MacDaily folks, KNOW this!

    1. You are just being sarcastic in repeating “reporter’s statements” which are plain fallacy. Apple and knowledgeable people know otherwise.

      The obvious proof is in Apple’s continual release of security patches.

  3. Home computers? wonder if it was related to that story a few years back when schools were putting sw on macbooks given to students until it was found out the “admins” were snooping in student bedrooms

    1. because the power to the camera fed through the indicator LED – thus energized camera equaled lit LED (no ability to bypass with software).

      I do not know if that is still true, but I would expect so. That is one of those fundamental security design decisions that I would hope Apple never changes.

    2. That would be the most logical way to design it, but unfortunately, that’s not how it works. On Macs there is a simple computer chip controlling the LED independently to powering the webcam and it is technically possible to reprogram this chip so that the camera can activate without the LED light.

      I suspect government spying agencies had something to do with it being this way, because I cannot think of any other reason why Apple would design it this way.

  4. I loved the first iSight camera which had a closing mechanism. Too bad that Apple didn’t continue the external iSight cameras and doesn’t offer a well-designed mechanical way to lock respectively blindfold the built-in iSight cameras.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.