Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as “unique” and “intriguing.” It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as “FruitFly.”
This first strain had researchers scratching their heads. On the surface, the malware seemed “simplistic.” It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained “ancient” functions and “rudimentary” remote control capabilities, Malwarebytes’s Thomas Reed wrote at the time.
The second version of FruitFly is even more puzzling, according to Patrick Wardle, the former spy agency hacker who now develops free security tools for Apple computers and researches Mac security for the firm Synack. Wardle told Motherboard in a phone call that when he first discovered FruitFly 2, no anti-virus software detected it. More surprisingly, it looks like it has been lurking around for five or 10 years and infected several hundred users.
FruitFly and FruitFly 2 are also mysterious: Neither Reed nor Wardle know its mechanism of infection—whether it takes advantage of a flaw in MacOS’s code, is installed via social engineering, or some other way. For that reason, and because Apple didn’t respond to several requests for comment, we’re not sure if computers are still at risk. There may be more than just hundreds of victims because Malwarebytes had limited visibility into FruitFly 1, and Wardle said he likely saw only a portion of computers infected by FruitFly 2.
“This year we’ve seen more Mac malware than in any previous year.”
It would seem the rudimentary nature was its main selling point, if it did what was advertised and could not be picked up by antivirus. Webcams, screens, and keystrokes are all ideal for monitoring a target’s present activities. If your target is sophisticated, giving up everything else to completely avoid exposure, especially for five to ten years of covert freedom, would be a great bargain.
Apple and the Deep State had a falling out over surveillance a little while back, set off by Apple’s ostensible refusal to develop back doors for their products. You have to wonder if the surge in malware now could be Deep State striking back, and trying to exploit machines which all those looking for surveillance-free machines are gravitating toward (assuming people believe nobody in Apple is installing backdoors on the sly for Deep State).
If not, then private sector intel gathering is turning out its own tools, adding to the surveillance terrain, though I’d find it hard to believe deep state would allow private sector actors who are not part of their machine to operate this freely for long. If you were out there trying to do this outside of the machine for hire, I would think you would start getting attention pretty quick.
Either way, if you have any desire for privacy and are not a computer genius, then your only option is to assume that no machine is safe.
Tell others about r/K Theory, because the eyes are everywhere
