Malwarebytes Discovers ‘Fruitfly’ Malware in macOS That Runs Using ‘Antiquated Code’


Threats in software are all-too-common, and according to Malwarebytes Labs, they’ve discovered the “first Mac malware of 2017.”

The lab says it is being called “Fruitfly,” and the research lab says it uses antiquated code to help it run behind-the-scenes undetected. Moreover, that malware has been running for quite some time, too, on macOS systems, and has been used to target research institutes working in the biomedical field.

Malwarebytes points out that Fruitfly is detected by “OSX.Backdoor.Quimitchin,” which is using code that actually predates OS X itself. The report adds that some of the code could show signs of potentially running on Linux. The malware was first discerned by an IT administrator who became aware of an irregular amount of outgoing network activity from a specific Mac.

“Another clue, of course, is the age of some of the code, which could potentially suggest that this malware goes back decades. However, we shouldn’t take the age of the code as too strong an indication of the age of the malware. This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation. It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.

Ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent. This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”

Apple has named the malware, and the report indicates that the company is working on a fix, and an update could arrive soon to fix the issue.

[via 9to5Mac; Malwarebytes Lab]

Like this post? Share it!

Related Topics: macOS, Security