Security researchers at Malwarebytes have discovered a new type of Mac malware that, surprisingly enough, uses antiquated code to gain access to infected Apple computers.
Dubbed Fruitfly, the malware, which is believed to have been created some time ago but has only now been detected, features antique system calls, some dating back to pre-OS X days.
The old code isn’t the only surprising thing about Fruitfly: the malware appears designed to target only biomedical research computers, suggesting that Chinese or Russian hackers seeking information from U.S. and European companies may have designed it. Fruitfly contains two files. The first communicates back to servers, takes screenshots on both Mac and Linux, and grabs the system’s uptime. The second script provides the ability to hide its icon from showing in the macOS Dock.
“The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac,” Malwarebytes Security Researcher Thomas Reed said in a blog post. “This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers.”
Supporting the idea that the malware had been designed primarily for espionage, Reed added that “it seems that this malware is trying to exfiltrate data from anything it can access. Since this has been seen infecting Macs at biomedical facilities, we believe it’s being used for espionage to steal scientific data — but we don’t know at this point who might be behind the malware.”
Although the malware may have been lurking in plain sight for a number of years, the good news is that now that it has been discovered, it’s easy to detect and remove. Malwarebytes detects the malware as OSX.Backdoor.Quimitchin. Apple itself has released a Gatekeeper update, a form of update that automatically installs without user input, to protect Mac users.