New Mac Malware Watches Your Every Move

The common misconception that Macs don't need antivirus software has been further eroded this week with the disclosure of a new piece of Mac malware.

Security firm Malwarebytes said yesterday (Jan. 18) that Apple is already aware of the malware, which Apple has dubbed Fruitfly and which has existed since at least late 2014. Fruitfly captures macOS/OS X user activity with screenshots and webcam access and can possibly seize system control.

Image: Chinnapong/

Fruitfly was brought to Malwarebytes' attention by an IT administrator who noticed strange network traffic leaving a single machine. The bug was only added to malware detection databases starting Tuesday (Jan. 17), and as of Thursday morning was detected by only a few antivirus programs, including those made by Kaspersky, McAfee, Sophos and Symantec. We expect many more antivirus brands will follow suit in the coming days.

MORE: Best Apple Laptops

It's not clear how Fruitfly infects Macs, but the malware appears to target biomedical research facilities, and Malwarebytes thinks it might be used to steal trade secrets. The limited scope of Fruitfly attacks may be why it has existed so long without being found.

Some of the malware's code references late-1990s pieces of the open-source software underlying macOS. Other parts are clearly Linux-based, and the Malwarebytes team got Fruitfly to run on Linux fairly well. It wouldn't be the first instance of Linux and Mac malware sharing code.

According to Malwarebytes, Apple has patched macOS against Fruitfly with an update that is downloaded and applied in the background. Nonetheless, we recommend using antivirus software to protect your Mac, such as our current favorites Bitdefender Antivirus for Mac ($59.99 per year) and Sophos Home for Mac (free).

Apple Laptop Guide