Newly discovered Mac malware uses pre-OS X code
Security researchers at Malwarebytes have discovered a new type of Mac malware that, surprisingly enough, uses antiquated code to gain access to infected Apple computers.
Dubbed Fruitfly, the malware, which is believed to have been created some time ago but has only now been detected, relies on antiquated system calls, some dating back to pre-OS X days.
The old code isn’t the only surprising thing about Fruitfly. It appears to have been used only against biomedical research computers, which has prompted speculation that Chinese or Russian hackers seeking information from U.S. and European organizations may be behind it, although the researchers say they do not yet know who is responsible. Fruitfly consists of two files: the first communicates with the attackers’ servers, takes screenshots (with code for both Mac and Linux) and reports the system’s uptime; the second hides the malware’s icon so it does not appear in the macOS Dock.
“The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac,” Malwarebytes Security Researcher Thomas Reed said in a blog post. “This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers.”
Supporting the idea that the malware had been designed primarily for espionage, Reed added that “it seems that this malware is trying to exfiltrate data from anything it can access. Since this has been seen infecting Macs at biomedical facilities, we believe it’s being used for espionage to steal scientific data — but we don’t know at this point who might be behind the malware.”
While it may have lurked in plain sight for a number of years, the good news is that now that it has been discovered, it’s easy to detect and remove. Malwarebytes detects the malware as OSX.Backdoor.Quimitchin. Apple itself has pushed a silent update to XProtect, the malware signature list built into macOS, which installs without user input, to protect Mac users.
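The infection was first noticed by an IT admin who saw strange outgoing traffic from one Mac, and the article notes that the malware is now easy to detect. The script below is an added example, not code from the article or from Malwarebytes, and it carries no Fruitfly indicators: it parses `lsof -nP -i` output and flags established TCP connections to external hosts made by processes that are not on a per-host baseline of programs expected to talk out. The sample output, process names, PIDs, addresses and the allowlist are all constructed for illustration.

```python
"""Flag unexpected outbound connections in `lsof -nP -i` output.

Added example, not from the article or Malwarebytes. The sample output,
process names, PIDs and addresses below are constructed and are not
indicators for Fruitfly.
"""
import ipaddress
import re
import sys
from dataclasses import dataclass

# NAME column of an lsof TCP row: "src:sport->dst:dport (STATE)".
# IPv6 endpoints are bracketed, e.g. "[fe80::1]:49400".
_CONN_RE = re.compile(
    r"^(?P<src>\S+?):(?P<sport>\d+)->(?P<dst>\S+?):(?P<dport>\d+)\s+\((?P<state>[A-Z_]+)\)$"
)

# Address space treated as internal for this (hypothetical) site. An explicit
# list is used rather than ipaddress.is_private, which also classifies the
# documentation ranges used in the sample below as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# Constructed per-host baseline of programs expected to hold external sessions.
EXPECTED_COMMANDS = {"safari", "firefox", "google\\x20chrome", "mail",
                     "softwareupdated", "nsurlsessiond"}


@dataclass(frozen=True)
class Conn:
    command: str
    pid: int
    user: str
    dst: str
    dport: int
    state: str


def parse_lsof(text):
    """Parse the TCP rows of `lsof -nP -i` into Conn records.

    Listening sockets and UDP rows have no "src->dst" NAME and are skipped.
    """
    conns = []
    for line in text.splitlines():
        # NAME (the 9th column) may contain a space before the state.
        parts = line.split(None, 8)
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        command, pid, user, _fd, _type, _dev, _size, node, name = parts
        if node != "TCP":
            continue
        m = _CONN_RE.match(name.strip())
        if not m:
            continue
        conns.append(Conn(command, int(pid), user, m["dst"],
                          int(m["dport"]), m["state"]))
    return conns


def is_external(addr):
    """True when addr (optionally bracketed IPv6) is outside INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr.strip("[]"))
    return not any(ip in net for net in INTERNAL_NETS)


def unexpected_outbound(conns, expected_commands=EXPECTED_COMMANDS):
    """Established sessions to external hosts from commands not in the baseline.

    A scripting interpreter such as perl holding an ESTABLISHED session to
    an outside host is the kind of oddity worth a second look.
    """
    return [c for c in conns
            if c.state == "ESTABLISHED"
            and is_external(c.dst)
            and c.command.lower() not in expected_commands]


# Constructed sample of `lsof -nP -i` output (hypothetical processes/addresses).
SAMPLE = """\
COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
sshd      101  root    3u  IPv4 0x1a2b3c4d5e6f0001      0t0  TCP *:22 (LISTEN)
Safari    450  alice  14u  IPv4 0x1a2b3c4d5e6f0002      0t0  TCP 10.0.0.5:49200->198.51.100.20:443 (ESTABLISHED)
mDNSResponder 77 _mdnsresponder 5u IPv4 0x1a2b3c4d5e6f0003 0t0 UDP *:5353
perl      512  alice   3u  IPv4 0x1a2b3c4d5e6f0004      0t0  TCP 10.0.0.5:49152->203.0.113.7:443 (ESTABLISHED)
python3   613  alice   4u  IPv4 0x1a2b3c4d5e6f0005      0t0  TCP 10.0.0.5:49300->10.0.0.9:8000 (ESTABLISHED)
Safari    450  alice  15u  IPv6 0x1a2b3c4d5e6f0006      0t0  TCP [fe80::1]:49400->[2001:db8::10]:443 (ESTABLISHED)
"""


if __name__ == "__main__":
    # Pipe real output in (`lsof -nP -i | python3 flag_outbound.py`) or run
    # without stdin to use the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for c in unexpected_outbound(parse_lsof(text)):
        print(f"{c.command} (pid {c.pid}, {c.user}) -> {c.dst}:{c.dport}")
```

On the sample this reports only the `perl` session to 203.0.113.7:443; the Safari sessions are on the baseline and the `python3` session stays inside the internal ranges. Treat the output as a triage prompt rather than a verdict: a process name is trivial to spoof, so anything flagged should be followed up by checking what launched it and whether it has a persistence entry such as a launch agent.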
Image credit: bartworldv6/Flickr/CC by 2.0