Image of fruit fly and apples

Fruitfly Malware Targets Apple Computers.

Aug 4, 2017

The recently discovered Fruitfly can have profound implications for your business.

You must take a proactive approach to cybersecurity to keep your data secure. Whenever a new hacking technique or virus appears, you must pay attention. This is the case with a new variation of the Fruitfly malware.

Fruitfly Malware Protection

What makes Fruitfly so notable has nothing to do with the number of infected computers. Instead, it’s because Fruitfly targets the macOS operating system and has been doing so for years without anyone realizing it.

Fruitfly Malware: Breaking It Down

To understand the situation with Fruitfly, it’s important to understand two distinct concepts: The original version and the variant that affected Mac computers in July of 2017.

Malwarebytes discovered the original version of Fruitfly.  It spied on computers in medical research centers for years before being discovered. Once it was identified, Apple closed the holes and updated its operating system to detect and eliminate it.

The recently discovered Fruitfly variant is a different matter altogether. This new version of Fruitfly has been around for at least five years. While the total number of infected Macs is estimated to be only around 400, it could be much higher than people realize.

What makes this new version of Fruitfly so terrifying is that it can not only capture screenshots and keystrokes from affected Macs, but it can also take over the webcam and capture live images without anyone knowing anything is happening. Even though the green indicator light on all Mac hardware is wired directly into the motherboard (meaning that if the camera turns on the light is supposed to turn on), Fruitfly has found a way around this.

Fruitfly can also analyze other devices connected to the same WiFi network—Something that should be troubling to business owners and enterprise users.

Fruitfly’s exact method to infect machines is still unknown, but it involves tricking users into clicking on malicious links in fraudulent emails. While it’s true that the primary “command and control” server used by Fruitfly’s creator was shut down, there are potentially hundreds (if not thousands) of infected computers in use that still have the malware strain hidden inside.

Due to the nebulous nature of Fruitfly, there aren’t specific steps that you can take to protect yourself or remove an infection that’s already occurred. Security experts recommend that Mac users install a program like OverSight, a tool specifically designed to monitor the use of a computer’s microphone and webcam.

Mac Malware: What You Need to Know

The fact that “Macs don’t get computer viruses” is a myth that has existed since the 1990s. In 2006, security researchers discovered the first malware specific to the OS X operating system.  Fast-forward to 2015 and more than 1,400 unique malware samples were discovered.

Part of this stems from the fact that there were so many more Windows computers in use, and that Windows was a less secure operating system. This combination resulted in an explosion of viruses and malware during the 1990s, and personal computers became a more ubiquitous part of our daily lives.

With Apple’s resurgence over the last 15 years, the pendulum has swung the other way. There are still more Windows viruses than there are Mac viruses. However, malware attacks on Macs were up an incredible 744% in 2016 alone. During the fourth quarter of that year, malware samples targeting the macOS operating system increased by 245%!

All of this underscores the importance of employee training in terms of cybersecurity. If your employees assume that because they’re using Apple computers, they don’t have to take steps to protect themselves, they’re a security vulnerability for your business. Mac users are now targeted by phishing scams and other sophisticated attacks. As a business leader, you must ensure all your employees are regularly trained to remain safe in the digital world.

The Fruitfly malware may be one of the most recent strains to target Apple computers. However, it certainly won’t be the last. If you’re in {city} and would like to learn more about this or other cybersecurity topics, contact {company} by sending an email to {email} or by calling us at {phone}. We offer the IT services Colorado Springs businesses can rely on.