
Apple: Latest Mac Malware Won't Hurt You If You Update Your OS

Editor's Note: An Apple representative told Laptop Mag that all systems running up-to-date versions of OS X 10.11 El Capitan or macOS 10.12 are protected from all known strains of the FruitFly malware. To make sure your Mac is up to date, open the App Store app, click Updates and click Update All.

Mac-targeting malware seems to be taking a page from summer blockbusters. Fruitfly 2 -- the successor to January's Fruitfly -- has been discovered to be a bigger, badder version, tracking hundreds of home users around America.

This sequel expands the reach of the original, which stole screenshots and webcam activity from MacBooks and other macOS machines for years. Currently, there is no way to check if your Mac is infected with Fruitfly 2, and we will update this story if we find out how.

Patrick Wardle -- Director of Research at the Menlo Park-based Synack security firm -- discovered this new version of Fruitfly and found that it has infected hundreds of users, 90 percent of whom are in the United States. According to a tweet he posted, Wardle has now alerted police authorities to this matter.

Wrote C&C server to analyze🍎-virus for @BlackHatEvents/@defcon talk. Took over a C&C addr & 100s 🤒💻 (90% in 🇺🇸): 'hi, task us'👮now involved😱 pic.twitter.com/DxS1y8KYZB — patrick wardle (@patrickwardle) July 21, 2017

Much like the original Fruitfly, this newly-discovered strain appears to have been in the wild without anyone noticing. Wardle told Motherboard "that when he first discovered FruitFly 2, no anti-virus software detected it," though now that he's reported it to the authorities, that hopefully has changed -- or will soon.


As always, this is as good an occasion as any to remind Mac users that, yes, they need to use anti-virus software. Our sister site Tom's Guide's favorite option is the $59.99 per year Bitdefender Antivirus for Mac, but the free Sophos Home for Mac also offers strong protection.

While Apple released a background-downloading security update to squish the first Fruitfly, it's unclear if the company has acted to destroy this new unwanted pest. We expect to learn more on Wednesday, when Wardle presents a 25-minute briefing on this topic at the Black Hat USA 2017 security convention in Las Vegas.

Fruitfly 2 looks to have been in the wild longer than Fruitfly 1, as the original version only traced back to 2014, while Wardle says the sequel "may have been lurking around for 5 or 10 years." During that time, Fruitfly 2 appears to have surveilled infected machines, collecting data to send to its home base.

But unlike the first Fruitfly, which appeared to target biomedical research facilities to possibly pilfer trade secrets, the successor isn't going after corporate users. Wardle told Ars Technica that Fruitfly 2 mostly affected home users; most of the "close to 400 infected Macs connected to the [malware's] server" were located in homes across the United States. In comparison, the original Fruitfly was found on only four Macs.

The other similarity Fruitfly 2 bears to the original is that Wardle doesn't know how it infects systems in the first place. It could be delivered via a social engineering attack -- a rather popular means to get users to click links or email attachments they shouldn't -- or a macOS flaw could be the entry point.

Credit: Andreas Berheide / Shutterstock


After graduating from Bard College with a B.A. in Literature, Henry T. Casey worked in publishing and product development at Rizzoli and The Metropolitan Museum of Art, respectively. Henry joined Tom's Guide and LAPTOP having written for The Content Strategist, Tech Radar and Patek Philippe International Magazine. He divides his free time between going to live concerts, listening to too many podcasts, and mastering his cold brew coffee process. Content rules everything around him.