Apples and Fruitflies

macOS malware

mac OS Malware: Fruitfly

It’s rare to find malware that is designed to compromise the infrastructure of a Mac operating system, but they do exist. In most cases, the malware was simply a proof of concept to show that the underlying architecture was fundamentally insecure and eliminate the false sense of security that Mac users sometimes have. Lately though, there has been an emergence of a more malicious form of malware dubbed Fruitfly. First discovered by accident, the malware has been researched more deeply and some startling information has been discovered.

How It Works

The underlying coding of the malware relies on the legacy application Perl. Once executed, the malware connects to a command and control server. From that server a hacker can then remotely view, control and lock the Mac computer. This includes the ability to remotely control the webcam in iMacs and take and store photos without the user suspecting.

How It’s Delivered

Like most malware, Fruitfly mac is delivered via phishing emails where the user clicks on an unknown attachment, and is also delivered through malicious websites via drive-by downloads, or watering hole attacks. Once delivered, the software becomes essentially a remote surveillance tool.

How to Protect Your Machine

Apple historically has not been very responsive to patches, and this particular exploit existed for years before being noticed. Now, Apple has released a patch to fix Fruitfly and prevent the code from being executed. If you update your Mac OS to the latest version, this exploit will no longer be able to connect to the command and control server, rendering the malware useless.

It’s important to keep your system up to date with the latest patches, but that is hindsight. Take advantage of software that protects your endpoint through real-time analytics and heuristic analysis of potential malware and malware signatures. SentinelOne can provide you with an integrated endpoint management solution that protects the entry point of the malware. In doing so, it can prevent malware like Fruitfly from entering the machine in the first place. For systems already infected, SentinelOne can detect and remediate the changes that the software created, preventing any long-term damage.


Want to see the SentinelOne platform in action? Request a Demo Now
Like this article? Subscribe to our blog or follow us on LinkedInTwitter, or Facebook and stay up to date on the content we post each week!