Newly Discovered macOS Malware Can Take Screenshots, Use the Webcam and Even Track Keystrokes


A new piece of macOS malware has been discovered by Synack’s security researcher Patrick Wardle. According to his report, the malware, which is said to be a variant of Fruitfly, can sneak onto your Mac, access the webcam to take photos, capture screenshots, and even log your keystrokes. Wardle believes that this malware has been affecting Macs for at least five years now, or maybe even a decade.

It is said that the malware is only found in Macs currently running in American homes. The extent of the spread is not known yet, but it’s a major cause for concern in any case. Apple is yet to comment on this newly discovered malware, but knowing the company’s history, we expect it to be patched fairly soon.

Interestingly, the IP addresses bouncing off of the servers suggest that this is not being done to extort money or to harm corporations. Given that the malware involves directly gaining access to your webcam, it’s possible that this was done with perverse intent in mind. The malware makes its way to Macs by tricking users into clicking a link and installing an application, thus giving it the liberty to roam freely through your system.

Here’s an excerpt from Ars Technica’s interview with the researcher. “Wardle said the primary command-and-control server used by the malware had been shut down earlier but that many of the affected Macs had never been disinfected. As a result, the infected Macs reported to the backup server as soon as it became available. The researcher speculated that Fruitfly was therefore abandoned by its creators. As demonstrated by the backup servers, the Macs remained susceptible to spying by anyone who took the time to register one of the hardcoded domains.”

To Wardle’s surprise, some of the domains attached to the malware were still pretty much active. However, law enforcement has been informed about this particular malware and some of these domains have been shut down for good. Naturally, Wardle has also spoken to Apple about this and is expected to talk more on the matter at the Black Hat Security Conference in Las Vegas, which will take place between the 26th and 27th of July.

[Via Ars Technica]
