Malwarebytes has recently discovered “the first Mac malware of 2017,” which it calls “Fruitfly.” The malware uses antiquated code to help it run undetected on macOS systems. At the time of writing, it appears to be targeting biomedical research institutions.
Malwarebytes’ software detects the malware as ‘OSX.Backdoor.Quimitchin’; the malware contains code that predates OS X itself. Some of the code even shows signs of having run on Linux, and the firm says Linux systems may also be infected. The malware was first detected when an IT administrator noticed irregular outgoing network activity from a Mac.
The malware consists of two files, including a script that communicates back to its servers and grabs screenshots on both macOS and Linux-based operating systems. It’s also capable of hiding itself from the macOS Dock. Malwarebytes says that the primary purpose of the malware is to grab screenshots and potentially gain access to the webcam.
What’s interesting is that the malware relies on antique API calls to operate, among them the long-deprecated QuickTime Sequence Grabber functions SGGetChannelDeviceList, SGSetChannelDevice, SGSetChannelDeviceInput, and SGStartRecord.
According to Malwarebytes, Apple calls this malware “Fruitfly,” and a software update to resolve the issue is coming soon.