Fruitfly Lives for a Decade Undetected on Macs
posted Saturday Jul 29, 2017 by Scott Ertz
For many, many years, there has been an insidious misconception about Macs that has managed to outlive its own safety. If you survey Mac users, you will find that many of them believe that Macs are impervious to malware and viruses. In the past, there was a little truth to the myth - not that it was impossible, just that no developers cared enough about the nonexistent market. Outside of schools, no one really had a Mac, so writing malicious software had no value.
After the success of the iPod and iPhone, Apple began to see an increase in sales. Those sales are not enough for Apple to be excited about, but they are enough to get hackers interested. In the last 15 years or so, many malicious programs have been developed for macOS, but the myth of safety has continued. In fact, Apple themselves turned the myth into a lie when they used it in their marketing for Macs.
Following this lie, a piece of malicious software, called Fruitfly, was developed and released to the Mac ecosystem. The developers have since disappeared, but the software has not. In fact, the software, which logs keystrokes and can take over a computer's webcam and keyboard, is still out in the wild.
As part of Black Hat USA 2017, researchers turned on a server to receive data from any infected computers, and to their surprise, at least 400 still-infected computers called in to let the developers know all that had happened in the years since they last called home. This virus, which seems to specifically target biomedical computers, has flown under the radar for as long as a decade.
The reason it has been missed could be the almost complete lack of antivirus in the Mac ecosystem, itself a result of this pervasive lie. No matter the product, don't believe the hype: assume everything can be compromised, because if your DVR can help take down the internet, anything is possible.