"Fruitfly", the malware that has been spying on Mac computers for years


Six months ago the "Fruitfly" malware was discovered and caused quite a stir, as the virus had been attacking for years without being noticed. The malware works by remotely hijacking complete control of the infected computer: files, webcam, screen, keyboard and mouse.

The cybersecurity company Malwarebytes was the one that discovered the first strain of this virus at the beginning of the year, but recently a second version named "FruitFly 2" has appeared.

However, little is known about the newly discovered infection, mainly because malware aimed at attacking Macs is very rare. Patrick Wardle, a former NSA hacker and now chief security researcher at Synack, began an investigation in parallel with Apple's patches.

The results of the analyses indicate that the virus has been infecting computers for about a decade and affects the newer versions of macOS. "Fruitfly" connects to a command server from which a cyber attacker can remotely spy on and control the Mac.

However, the extent of the infection is not known in detail. "It's not the most sophisticated Mac malware," Wardle noted, as reported by "ZDNet". To interact with it, he had to "create a command and control server that could speak the 'language' of the malware," he added.

"The most interesting feature is that the malware can send an alert when the user is active," Wardle said, so the attacker can stay silent and avoid interfering with the computer. "I have not seen it before," he added. Also, this malware can apparently take screenshots of variable quality, a useful feature for low-bandwidth connections or for trying to evade detection.

Wardle points out that around 400 users contacted him as victims of the infection and that 90% of the known victims are located in the United States. This gives an idea that Mac viruses exist, although there are fewer of them than on Windows computers. "Mac users are more confident," Wardle told "CNN".

The former NSA hacker does not believe this is a case of state cyber espionage or of a criminal who wants to hold data hostage in exchange for a ransom. "I think their goals were much more insidious and sick: spying on people," Wardle concluded.
