Showing posts with label fruitfly. Show all posts
Showing posts with label fruitfly. Show all posts

Friday, October 5, 2018

Fruitfly Mac Malware: How to Protect Yourself from Undetected Malware

Fruitfly Mac Malware
credit:NJCCIC
Do you know that from past 15 years there is an undetected malware hovering over your Mac systems? The Fruitfly mac malware is the one that has been undetected since a very long time.

So, if you are not updated with that fruitfly story then here is the brief and latest news for you.

Fruitfly Latest Update: 


FBI has finally solved the 15 years undetected fruitfly mac malware mystery. The Mysterious mac malware was created by an Ohio man just to take control of the malware victims & Mac computers.

The hacker has stoled flies, keyboard strokes, and also watched victims via their webcam secretly and had listened to their private conversations as well. According to the latest FBI report the man has created this fruitfly mac malware in 2003 itself when he was at the age of just 14 years. Since then he is using this malware until his arrest 2017.

The crazy think about this malware is the mac upgraded versions of antivirus programs never detected this “Fruitfly” malware on any of the victim's computers. Even the experts couldn't figure out the working process of a fruit fly and how its creator has spread that virus around the Mac computers.

According to the FBI, the accused used a port scanner to find the internet macs with weak passwords and he logged into these weak systems remotely via the open service ports and he installed and hid the “fruitfly on the user's computers without their notice.

Now, if you are really new this term “fruitfly mac malware” means you will be banging your heads and thinking about what is fruitfly and whats the relation between mac and that fruitfly etc.

If you are one of them then don’t worry here I am going to cover everything about the Fruitfly mac malware.

What is Fruitfly Malware? 


The fruitfly malware is a stealthy but very highly-invasive malware on Macs. As said above this particular malware has been around the Macs for almost 15 years. Even Mac Antivirus programmes and other anti-malware software hasn't found that virus.

Fruitfly Mac malware Discover: 


This highly-invasive malware was first discovered back in January 2017 with a normal blog post from the Malware bytes and it has highlighted its existence.

In that post, the author has explained how fruitfly infects mac computers and he also stated that it has an ability to capture screenshots, view keystrokes and control webcams etc on the Mac. In that post, he also stated that the creator of the malware will have full access to all affected victims.

At that point of discovery, they suspected that the malware has been around 2014 since the OS X Yosemite update but it recently it has been relieved that it was first created in 2003 itself by a 14 years old kid. You will know more about him below.

In that blog post, they have said that this malware is targeting biomedical research centers. And they also said that the first version of this fruit fly is really unsophisticated and it is just using a hidden file and a launch agent to keep the mac infected.

New updated Varients of Fruitfly Emerge: 


After first discover of this fruitfly malware most of the experts tried to resolve this malware but they couldn't crack it. At some stage, all thought the new update from Apple has patched the issues.

But the new variants of fruit fly have emerged and they have infected a large number of computers. The new version has also been undetected by all antivirus. That has made this malware spread even more.

In the July of 2018, a former NSA hacker has done a in-depth analysis of the latest variant and told some interesting facts about the malware. He stated that despite the virus is relatively simple but the malware has full control over the system as there will be no speed in processing and other factors it has been undetected.

In that wardly research somehow he could crack the malware and found the malware creator ip address, the name of the users and other necessary information. And he also found that there are more than 400 infected macs connected to the registered services as he was unable to view the IP addresses and users of those devices he didn't speak a word about them.

He later tried to do further research but said that there’s no way to know how the malware infects computers. However, he said one information that this whole virus has been spread through a tedious and malicious email attachment.

Who’s the mysterious man behind the Fruitfly? 


At that point of time even though he collected all the information but he couldn't do anything because he skipped from his network. But, wardly has discovered that he is a single hacker rather than the team of a hacker. However, he recently got caught in the FBI investigation and he is behind bars.

Although we can't share enough information about him as we only know some information we can say that person is from Ohio State and he has found that malware in 2003.

Who is affected by fruitfly: 


As said, in the above statement the fruitfly has affected more than 400 plus mac computers in a single server but to be frank the list could be increased as well. Although you don't have to worry about these because you can protect yourself from these kinds of attacks. In this article, I am going to disclose how you can protect from fruit fly and other types of malware.

How to protect yourself from fruitfly: 


Apple has released all the security patches for fruitfly earlier this year. But as the newer version comes into the place you have to be very careful in dealing with email attachments and spam emails.
You should not open any kind of spam or unknown emails. Apart from that, you have to keep your password much stronger than ever because he has remotely accessed weak password-protected accounts. So, you have to take care of your password as well.

As of now, the mystery has been relived so all the antivirus has updated their core algorithm according to it and you can quickly find these type of malware with Anti-malware or Antivirus programs.

How that fruitfly malware looks like: 


If you are a techie who is striving to see the malware code means you can see that in this posts. This code was first published in the “ malware bytes” Blog post only. We are just using this as a reference to show you how the fruitfly mac malware looks like.

The malware was extremely simplistic on the surface, consisting of only two files:

~/.client
SHA256:
ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044

~/Library/LaunchAgents/com.client.client.plist
SHA256: 
83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3

You can see full code in the malware bytes post. This is all about the fruitfly mac malware.

Conclusion: 


As this fruitfly malware can be detected by some of the antimalware tools you can stay protected from it. Along with that keep, a secure and robust password will always keep you safe from most of the malicious programs.

I hope I have covered every aspect of the fruitfly mac malware. Now it's up to you if you have any queries you can let us know in comments section below.