A malware attack on Apple’s Mac computers remained undetected for years and introduced a slew of infections to machines. Security firm Synack points out that the malicious content managed to lie undiscovered on Macs for almost a decade and took control of webcams, keyboards, and other parts of the macOS platform.
While attacks on Microsoft’s Windows platform are common, major breaches of Mac devices are more sporadic. At least that’s what we’re told. Apple’s closed-shop system means it has complete control over everything, whereas Windows ships on hardware from numerous OEMs. It is a similar situation on mobile, with closed iOS perceived to have fewer security flaws than Android.
I will not add an opinion on whether I believe these statements to be true or misconceptions, but the obvious fact is Mac machines are not invulnerable.
Patrick Wardle, a researcher for Synack, says the malware that infected Macs is known as Fruitfly. It is a variant of malicious software that was first discovered in January but is known to have been in the wild for two years.
The malware has been operating on Mac for much longer. During infection, the software can capture keystrokes, webcam content, and screenshots, and gather information about an infected machine. It can also spread its spyware through a network to gather information from other computers.
Wardle discovered a variant of the malware that has spread across a large number of Macs. It managed to thwart Apple’s antivirus software and remain undetected for years. He could trace it back to the original domains and found them active.
After registering an address, Wardle was amazed to see 400 infected Macs connect to the server. The malware was still operational and he could have used it to spy on the machines.
“This shows that there are people who are sick in the head who are attacking everyday Mac users for insidious goals,” Wardle said in an interview with Ars. “A lot of Mac users are overconfident in the security of their Mac. [The discovery] just goes to reiterate to everyday users that there are perhaps people out there trying to hack their computers.”
Wardle has been unable to decipher how the infection is created or why it is being used. It has been sitting for years, spying on machines, and is not believed to be capable of installing ransomware. It is also unable to take financial details.
The researcher also discounts state-sponsored actors as the source of the spying. He reasons that regular home users were targeted and not companies and organizations:
“I don’t know if it’s just some bored person or someone with perverse goals,” Wardle said. “If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons.”