Mac-targeting malware seems to be taking a page from summer blockbusters. Fruitfly 2 – the successor to January’s Fruitfly – has been discovered to be a bigger, badder version, tracking hundreds of home users around America. This sequel expands the reach of the original, which stole screenshots and webcam activity from Macbooks and other macOS machines for years. Currently, there is no way to check if your Mac is infected with Fruitfly 2, and we will update this story if we find out how. Patrick Wardle – Director of Research at the Menlo Park-based Synack security firm – discovered this new version of Fruitfly, and discovered that it’s infected hundreds of users , 90 percent of which are in the United States. According to a tweet he posted, Wardle’s now alerted police authorities to this matter. Much like the original Fruitfly, this newly-discovered strain appears to have been in the wild without anyone noticing. Wardle told Motherboard “that when he first discovered FruitFly 2, no anti-virus software detected it,” though now that he’s reported it to the authorities, that hopefully has changed – or will soon. MORE: Best Antivirus Software for Mac As always, this is as good occasion as any to remind Mac users that, yes, they need to use anti-virus software. Our sister site Tom’s Guide’s favorite option is the $59.99 per year Bitdefender Antivirus for Mac, but the free Sophos Home for Mac also offers strong protection. While Apple released a background-downloading security update to squish the first Fruitfly, it’s unclear if they company has acted to destroy this new unwanted pest. We expect to learn more on Wednesday, when Wardle presents a 25-minute briefing on this topic at the Black Hat USA 2017 security convention in Las Vegas. Fruitfly 2 looks to have been in the wild longer than Fruitfly 1, as the original version only traced back to 2014, while Wardle says the sequel “may have been lurking around for 5 or 10 years.” During that time, Fruitfly 2 appears to have surveilled infected machines, collecting data to send to its home base. But unlike the first Fruitfly, which appeared to target biomedical research facilities to possibly pilfer trade secrets, the successor isn’t going after corporate users. Wardle told Ars Technica that Fruitfly 2 mostly affected home users, most of the “close to 400 infected Macs connected to the [malware’s] server,” were located in homes across the United States. In comparison, the original Fruitfly was found on only four Macs. The other similarity Fruitfly 2 bears to the original is that Wardle doesn’t know how it infects systems in the first place. It could be used via a social engineering attack – a rather popular means to get users to click links or email attachments they shouldn’t – or a macOS flaw could be the entry-point. Credit: Andreas Berheide / Shutterstock
macOS High Sierra Tips
Previous TipNext Tip
How to Download and Install macOS High SierraHow to Use Picture-in-Picture on a MacHow to Use Siri on Your MacHow to Use Optimized Storage in macOS SierraHow to Use Memories in the Photos App on MacHow to Use Messages in macOS SierraHow to Use Apple Pay in macOS SierraHow to Unlock a MacBook with Your Apple Watch