Researcher detects malware infection targeting Macs

Jul 25, 2017 11:47 GMT  ·  By

While Microsoft’s Windows is most often targeted by virus writers, a form of malware with spying capabilities has reportedly been active on Apple’s Mac systems for nearly a decade, with estimates pointing to thousands of infected devices.

According to Synack researcher Patrick Wardle, the new infection is a variant of Fruitfly, a form of malware that was first discovered in January this year and which Apple users are currently protected against thanks to a dedicated macOS patch released a few months ago.

But Wardle says that the new malware is not only an evolved version of the virus with more capabilities to spy on users, but that it also remained undetected for nearly 10 years, which makes it hard to determine the number of systems that were actually compromised.

400 connections to just one domain

During his research, Wardle discovered that the majority of infected systems are based in the United States, which is also among the top markets for Apple’s computers. When analyzing the malware’s code, the security researcher discovered a series of domains that presumably acted as command-and-control servers for the compromised systems.

After taking over one of the available domains, Wardle recorded no less than 400 connections from different Macs in the United States, explaining that cybercriminals would have been able to run a series of malicious activities, such as spying on users, even by turning on the camera.

“I don’t know if it’s just some bored person or someone with perverse goals. If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons,” the security researcher has been quoted as saying.

It’s not yet clear how systems ended up infected with the malware, but it’s believed that users have been tricked into opening a malicious file or link that deployed the infection.

At this point, macOS users are said to be protected against the malware, with the researcher explaining that all domains used by the infection have already been taken down to prevent systems from connecting and receiving commands that could compromise users’ privacy. At the same time, Apple has also been informed so that it can take proper action and release a new patch for its operating system.