UPDATED 23:09 EST / JANUARY 18 2017

INFRA

Newly discovered Mac malware uses pre-OS X code

Security researchers at Malwarebytes have discovered a new type of Mac malware that, surprisingly enough, uses antiquated code to gain access to infected Apple computers.

Dubbed Fruitfly, the malware, which is believed to have been created some time ago but has only now been detected, features antique system calls, some dating back to pre-OS X days.

The old code isn’t the only surprising thing about Fruitfly, with the code seemingly designed to target only biomedical research computers, suggesting that Chinese or Russian hackers seeking information from U.S. and European companies may have designed it. Fruitfly contains two files, one of which communicates back to servers, takes screenshots on both Mac and Linux, and grabs the system’s uptime. The second script delivers the ability to hide its icon from showing in the MacOS Dock.

“The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac,” Malwarebytes Security Researcher Thomas Reed said in a blog post. “This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers.”

Supporting the idea that the malware had been designed primarily for espionage, Reed added that “it seems that this malware is trying to exfiltrate data from anything it can access. Since this has been seen infecting Macs at biomedical facilities, we believe it’s being used for espionage to steal scientific data — but we don’t know at this point who might be behind the malware.”

While potentially lurking in plain sight for a number of years, the good news is that now that it has been discovered, it’s easy to detect and remove. Malwarebytes detects the malware as OSX.Backdoor.Quimitchin. Apple itself has released a Gatekeeper update, a form of update that automatically installs without user input, to protect Mac users.

Image credit: bartworldv6/Flickr/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU