This malware can control the Mac’s Webcam and Keyboard.
It’s not the first we’ve seen of this variety of malware. Security researchers at Malwarebytes discovered the malware called Fruitfly that was being used to spy on medical research centers for years. Once found, Apple provided a patch in the next OS release to protect against the malware. But another strain has now been found.
This new strain, has been on the loose for at least 5 years old. The malware captures screenshots, keystrokes, webcam images, and of course steals info about the infected Mac and other devices connected to the network.
The strain was discovered by Patrick Wardle, a security researcher from Synack. Wardle discovered that the original command and control server has been shut down. He was able to find backup domains hardcoded into the malware. These backup domains were available. Upon creating his own command and control server for testing, he quickly had 400 infected Macs connect to it, and would have been able to utilize the malware to spy on these infected machines.
The malware appears to have been abandoned. It is not known how the malware was spread, how many it infected, or even who was behind it.
The surprising thing is not that there is malware affecting Macs, that’s already been happening. It’s not what the malware can do, as we’ve seen plenty of malware that can do this. What is surprising, is that the malware has been out in the world for at least 5 years, with no one ever finding it. Realistically, it’s so old, it seems the creators walked away from the malware prior to it being discovered and protected against. Even with infected computers still out there and looking for their next command.
For years, people believed Apple products were safe from malware. Only recently have we seen a full range of malware attacks against their computers and iPhones, but this malware pre-dates these attacks. This malware, had been around, presumably carried out it’s mission, and was forgotten about during the time Apple was considered safe from such attacks. I wonder how many more are out there?