Malware Designed to Spy on Users Found on Mac Machines

Malware Designed to Spy on Users Found on Mac Machines

While we often talk about cybersecurity from a business perspective, some of the worst cybercrimes can come in the form of small malware attacks that target individuals. An invasive malware named “Fruitfly,” first discovered in January, is infecting Mac computers.

Its primary goal? To watch you.


The stealthy Fruitfly malware has been found on hundreds of Macs to date, though it has proven to be a difficult one to detect. Fruitfly was discovered by ex-NSA analyst, Patrick Wardle, who now conducts research for cybersecurity firm Synack. He stated that he saw around 400 infections but there are likely to be much more. 

What makes Fruitfly frightening is the intent of the malware: to surveil people through their Mac. Whoever is behind the malware has the capability to remotely take control of an infected computer, giving them access to your webcam, files, screen, keyboard and mouse. 

"This didn’t look like cybercrime type behavior, there were no ads, no keyloggers, or ransomware," Wardle commented. "Its features had looked like they were actions that would support interactivity: it had the ability to alert the attacker when users were active on the computer, it could simulate mouse clicks and keyboard events."

It gets worse. Before Fruitfly was discovered in January, the malware had been around, undetected, for years. The Fruitfly code includes references to updates for Mac OS X Yosemite, first released in 2014, indicating the spyware was running before that.

Who is Responsible?

Who created this malware and what exactly was their intent? Unfortunately, that’s still unknown. Wardle suggested that it was likely just a hacker looking to spy on people for “perverse reasons.”

"This shows that there are people who are sick in the head who are attacking everyday Mac users for insidious goals," said Wardle. "A lot of Mac users are overconfident in the security of their Mac. Just goes to reiterate to everyday users that there are perhaps people out there trying to hack their computers. I don't know it if it's just some bored person or someone with perverse goals ... if some bored teenager is spying on me, that would still be very emotionally traumatic. If it's turning on the webcam, that's for perverse reasons." 

While the existence of Fruitfly is unsettling, it should be reiterated that it has only been found on a relatively small number of systems. Wardle also added in a later comment to CNET that the attacker is MIA and is likely not still targeting computers with malware.

The malware is said to likely require user interaction to be infected (i.e. clicking a bad link, downloading something, etc.). Our recommendation to avoid becoming infected with malware? Be wary of what your clicking when surfing the internet. The risk of having malware, like Fruitfly, infect your computer should be all the incentive needed to put in the effort required to stay vigilant.

If you suspect or are concerned that Fruitfly could be on your Mac we recommend running Malwarebytes.