Mac users typically think they’re immune to malware. But a new strain used for spying reminds us even Macs can be compromised.
Researchers found an unusual piece of malware, called FruitFly, that’s been infecting some Mac computers for years.
FruitFly operates quietly in the background, spies on users through the computer’s camera, captures images of what’s displayed on the screen and logs key strokes.
Security firm Malwarebytes discovered the first strain earlier this year, but a second version called FruitFly 2 subsequently appeared.
Patrick Wardle, chief security researcher at security firm Synack, found 400 computers infected with the newer strain and believes there’s likely many more cases out there.
It’s unclear how long FruitFly has been infecting computers, but researchers found the code was modified to work on the Mac Yosemite operating system, which was released in October 2014. This suggests the malware existed before that time.
It’s unknown who is behind it or how it got on computers.
Thomas Reed of Malwarebytes called the first version “unlike anything I’ve seen before.”
Wardle says there are multiple strains of FruitFly. The malware has the same spying techniques, but the code is different on each strain.
After months of analyzing the new strain, Wardle decrypted parts of the code and set up a server to intercept traffic from infected computers.
“Immediately, tons of victims that had been infected with this malware started connecting to me,” said Wardle, adding he could see about 400 infected computer names and IP addresses.
He believes this reflects only a small subset of infected users.
The discovery of FruitFly reminds users that although Mac malware is considerably less widespread than Windows, it still exists.
“Mac users are over-confident,” Wardle said. “We might not be as careful as we should be on the internet or opening up email attachments.”
Apple (AAPL, Tech30) did not respond to a request for comment.
Mac malware has increased in recent years….