LAS VEGAS—The FruitFly backdoor became a known entity in January, but it’s a good bet that for years it had been in the wild, undetected by analysts and security software.
The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recently analyzed by Synack chief security researcher Patrick Wardle was no exception.
Wardle built a custom command and control server to examine a FruitFly sample that was capable of executing shell commands, retrieving screen captures, manipulating mouse movements, killing processes and even triggering an alert to the attacker when the user is active again on their Mac.