Mac malware that let its operator spy on its victims went unnoticed for years

A nasty piece of Mac malware has been spying on hundreds of victims’ computers – and it went unnoticed for years.

That’s according to Synack security researcher Patrick Wardle, who spoke to both Ars Technica and ZDNet about his findings ahead of a talk at the Defcon hacker conference on Wednesday.

A piece of Mac malware, called Fruitfly, was first discovered and patched by Apple back in January 2017.

But Wardle has discovered a variant in the wild. It reportedly gives the attacker control over the victim’s computer – they can take webcam photos and screenshots of their screen, record their keystrokes, and more.

It has infected nearly 400 victims, mostly in the US – though there could be more infections out there – and Wardle has shared his findings with law enforcement.

So who’s behind the years-old malware? It’s not clear, but Wardle suggested it could be a lone hacker looking to spy on people for “perverse” reasons.

“This shows that there are people who are sick in the head who are attacking everyday Mac users for insidious goals,” he told Ars Technica. “A lot of Mac users are overconfident in the security of their Mac. [The discovery] just goes to reiterate to everyday users that there are perhaps people out there trying to hack their computers.”

He added: “I don’t know if it’s just some bored person or someone with perverse goals … If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons.”

More broadly, the number of cases of malware targeting Macs is continuing to surge, growing by 53% over the first quarter of 2017, according to an analysis by McAfee.

In Q1, the security firm detected more than 700,000 instances of malware on Macs, with this growth largely down to adware bundling (people installing apps and games that come bundled with dodgy software, or “adware,” that sticks ads on their computer).
