Malwarebytes Discovered A ‘Fruitfly’ Malware That Runs Using Antiquated Code On Mac

Jan 18, 2017

All software is prone to certain forms of threats, and at this point they are all too common. The folks over at Malwarebytes have discovered a new piece of malware that is being called ‘Fruitfly’. Malwarebytes Labs describes it as the “first Mac malware of 2017”. The malware runs in the background using antiquated code and has remained undetected. Although the discovery is recent, Fruitfly has been present on macOS systems for quite a while. Let’s see some more details on the matter.

Malwarebytes Labs Discovers The “first Mac malware of 2017”

The newly discovered malware has been designed to target biomedical research institutes. Malwarebytes detects Fruitfly as “OSX.Backdoor.Quimitchin”, and the malware makes use of code that predates OS X itself. The report adds that the code shows signs that it could potentially run on Linux. Fruitfly was first noticed by an IT administrator who spotted an irregular amount of outgoing network activity from a Mac. It contains only two files and uses a hidden script to communicate back to its servers with screenshots.


“Another clue, of course, is the age of some of the code, which could potentially suggest that this malware goes back decades. However, we shouldn’t take the age of the code as too strong an indication of the age of the malware. This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation. It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.

Ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent. This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”
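The persistence pattern named in the quote above, a launch agent that starts a hidden file, can be checked for directly. The following Python code is an added example, not code from Malwarebytes or the original article; the labels and paths in `demo()` are constructed placeholders, not Fruitfly's actual indicators.

```python
import os
import plistlib
import tempfile

def is_hidden(path):
    """True if any component of the path is a dotfile or dot-directory."""
    return any(p.startswith(".") and p not in (".", "..") for p in path.split("/"))

def scan_launch_agents(directories):
    """Return (plist_path, label, detail) for jobs that launch from a hidden path."""
    findings = []
    for directory in directories:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".plist"):
                continue
            plist_path = os.path.join(directory, name)
            try:
                with open(plist_path, "rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
            except Exception:  # unreadable or malformed: worth a manual look
                findings.append((plist_path, None, "unparseable plist"))
                continue
            if not isinstance(job, dict):
                continue
            args = list(job.get("ProgramArguments") or [])
            if job.get("Program"):
                args.insert(0, job["Program"])
            for arg in args:
                if isinstance(arg, str) and "/" in arg and is_hidden(arg):
                    findings.append((plist_path, job.get("Label"), arg))
    return findings

def demo():
    """Scan two constructed launch agents (sample data, not real indicators)."""
    samples = {
        "com.example.benign.plist": {"Label": "com.example.benign",
            "ProgramArguments": ["/usr/local/bin/tool", "--daemon"]},
        "com.example.suspect.plist": {"Label": "com.example.suspect", "RunAtLoad": True,
            "ProgramArguments": ["/bin/sh", "/Users/alice/.example_payload"]},
    }
    with tempfile.TemporaryDirectory() as d:
        for name, job in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                plistlib.dump(job, fh)
        return [(label, arg) for _, label, arg in scan_launch_agents([d])]

if __name__ == "__main__":  # on a Mac: per-user and system-wide launch agents
    print(scan_launch_agents([os.path.expanduser("~/Library/LaunchAgents"), "/Library/LaunchAgents"]))
```

A hit is a lead for review rather than a verdict, since legitimate software occasionally launches from dot-directories as well.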

Apple is aware of the malware, and the report suggests that the company is working on a fix. It will do this by releasing an update that will possibly solve the issue. We will update as soon as we hear more on the matter.

This is it for now, folks. What are your thoughts on Malwarebytes Labs’ discovery of Fruitfly? Share your thoughts in the comments.
