A new type of Mac malware, known as Fruitfly, has been found conducting surveillance attacks for possibly over...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
two years, but has code that is decades old. The Fruitfly malware library can also run on Linux systems. If Fruitfly's code is so ancient, why does it still work? And why wasn't it discovered earlier? How can enterprises secure their Mac and Linux devices?
Effective code, algorithms and techniques typically have very long lifespans, and they often get included in more places than was initially anticipated.
One of the key practices of software development is code reuse, which enables developers to reduce the time necessary to develop and test their code. It appears the authors of the Fruitfly Mac malware had this in mind when they wrote the code.
Malwarebytes analysis showed that this cross-platform malware uses APIs that go back decades. Apple and other operating system developers know that APIs have very long lifespans, and if they change how an API works, it could break a legitimate program, so backwards compatibility is maintained for as long as possible. Malwarebytes reported Fruitfly Mac malware could have evaded detection by limiting the targets of attack. Macs do not face as many malware attacks as some Windows systems, and may not be as carefully monitored, which also could have reduced the likelihood of the malware being identified.
Enterprises can secure their Mac and Linux devices the same way they secure their Windows systems, by keeping the systems up to date with patches, managing the systems with the least privileges necessary, using secure configurations and monitoring the systems. The standards and specific configuration settings will differ from Windows systems, but the same general steps can be used. Some system management tools are multi-platform and can manage Windows, Macs and Linux systems. These same steps haven't significantly changed in a long time.
As for the specific case of Fruitfly Mac malware, using a file integrity monitor could alert enterprises when an unknown binary is run on a system, which could then be investigated to determine more details on the attack. The initial indicator of compromise was suspicious network traffic originating from an infected endpoint.
Learn how to prevent the Keydnap malware from stealing Mac passwords
Find out how Rakos malware attacks embedded Linux systems
Read about a Linux vulnerability that enables attacks on TCP communications
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.