New Mac Malware Watches Your Every Move


The common misconception that Macs don't need antivirus software has been further eroded this week with the disclosure of a new piece of Mac malware.

Security firm Malwarebytes said yesterday (Jan. 18) that Apple is already aware of the malware, which Apple has dubbed Fruitfly and which has existed since at least late 2014. Fruitfly captures macOS/OS X user activity with screenshots and webcam access and can possibly seize system control.


Fruitfly was brought to Malwarebytes' attention by an IT administrator who noticed strange network traffic leaving a single machine. The malware was only added to malware detection databases starting Tuesday (Jan. 17), and as of Thursday morning it was detected by only a few antivirus programs, including those made by Kaspersky, McAfee, Sophos and Symantec. We expect many more antivirus brands will follow suit in the coming days.


It's not clear how Fruitfly infects Macs, but the malware appears to target biomedical research facilities, and Malwarebytes thinks it might be used to steal trade secrets. The limited scope of Fruitfly attacks may be why it has existed so long without being found.

Some of the malware's code references late-1990s pieces of the open-source software underlying macOS. Other parts are clearly Linux-based, and the Malwarebytes team got Fruitfly to run on Linux fairly well. It wouldn't be the first instance of Linux and Mac malware sharing code.

According to Malwarebytes, Apple has patched macOS against Fruitfly with an update that is downloaded and applied in the background. Nonetheless, we recommend using antivirus software to protect your Mac, such as our current favorites Bitdefender Antivirus for Mac ($59.99 per year) and Sophos Home for Mac (free).

Author Bio
Henry T. Casey
After graduating from Bard College with a B.A. in Literature, Henry T. Casey worked in publishing and product development at Rizzoli and The Metropolitan Museum of Art, respectively. Henry joined Tom's Guide and LAPTOP having written for The Content Strategist, Tech Radar and Patek Philippe International Magazine. He divides his free time between going to live concerts, listening to too many podcasts, and mastering his cold brew coffee process. Content rules everything around him.
1 comment
  • John C Says:

    I know there's a reason why click baiting titles are a necessity to writers like you Henry, but your article title is clearly disingenuous and not even true! You write: "The limited scope of Fruitfly attacks may be why it has existed so long without being found."

    If it's only targeting biomedical facilities, how does that equate to the malware watching our every move? You even write this is software phishing for trade secrets.

    For an article that drew me in out of concern for my personal computing security, this was the equivalent of clicking on SPAM.
