'Fruitfly' malware patched by Apple relies on 'ancient' Mac system calls

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Newly-patched Mac malware relies on some antiquated code predating the OS X era, but has been used in some previous real-world attacks on biomedical research groups, according to a prominent security software maker.

The malware communicates with two command-and-control servers, and can perform actions like typing, webcam and screen captures, and moving and clicking a mouse cursor, Malwarebytes said in a blog post on Wednesday. It also maps other devices on a network and tries to connect to them.

Unusually the malware is said to rely on pre-OS X system calls, and even open-source "libjpeg" code not updated since 1998. Much of the software is said to be Linux-compatible, possibly suggesting the existence of a native variant. Related Windows executables are said to exist, but date back to at least 2013.

The Mac malware may also have been in circulation for a long time, given some associated timestamps. A comment in a one file makes reference to a change for OS X Yosemite, which Apple released in 2014.

Malwarebytes didn't elaborate on the alleged biomedical attacks, except to say there's no evidence linking them to a specific group. Chinese and Russian hackers have, however, been known to steal American and European scientific data.

The company noted that Apple has already released a silent update for macOS, dubbing the malware "Fruitfly." Malwarebytes' own app identifies the code as "OSX.Backdoor.Quimitchin," making a reference to ancient Aztec spies.

Serious malware threats are a relatively rare phenomenon on the Mac, both because macOS remains a minority platform — hence a smaller target — and because Apple has stepped up its own security efforts in recent years. Recently it instituted a bug bounty program, matching similar efforts at companies like Google, making it potentially lucrative to defend rather than attack Apple platforms.