Apple: Latest Mac Malware Won't Hurt You If You Update Your OS


Editor's Note: An Apple representative told Laptop Mag that all systems running up-to-date versions of OS X 10.11 El Capitan or macOS 10.12 are protected from all known strains of the FruitFly malware. To make sure your Mac is up to date, open the App Store app, click Updates and click Update All.

Mac-targeting malware seems to be taking a page from summer blockbusters. Fruitfly 2 -- the successor to January's Fruitfly -- has been discovered to be a bigger, badder version, tracking hundreds of home users around America.

This sequel expands the reach of the original, which stole screenshots and webcam activity from MacBooks and other macOS machines for years. Currently, there is no way to check if your Mac is infected with Fruitfly 2, and we will update this story if we find out how.


Patrick Wardle -- Director of Research at the Menlo Park-based Synack security firm -- discovered this new version of Fruitfly and found that it has infected hundreds of users, 90 percent of whom are in the United States. According to a tweet he posted, Wardle has now alerted police authorities to this matter.

Much like the original Fruitfly, this newly-discovered strain appears to have been in the wild without anyone noticing. Wardle told Motherboard "that when he first discovered FruitFly 2, no anti-virus software detected it," though now that he's reported it to the authorities, that hopefully has changed -- or will soon.


As always, this is as good an occasion as any to remind Mac users that, yes, they need to use anti-virus software. Our sister site Tom's Guide's favorite option is the $59.99 per year Bitdefender Antivirus for Mac, but the free Sophos Home for Mac also offers strong protection.

While Apple released a background-downloading security update to squish the first Fruitfly, it's unclear if the company has acted to destroy this new unwanted pest. We expect to learn more on Wednesday, when Wardle presents a 25-minute briefing on this topic at the Black Hat USA 2017 security convention in Las Vegas.

Fruitfly 2 looks to have been in the wild longer than Fruitfly 1, as the original version only traced back to 2014, while Wardle says the sequel "may have been lurking around for 5 or 10 years." During that time, Fruitfly 2 appears to have surveilled infected machines, collecting data to send to its home base.

But unlike the first Fruitfly, which appeared to target biomedical research facilities to possibly pilfer trade secrets, the successor isn't going after corporate users. Wardle told Ars Technica that Fruitfly 2 mostly affected home users; most of the "close to 400 infected Macs connected to the [malware's] server" were located in homes across the United States. In comparison, the original Fruitfly was found on only four Macs.

The other similarity Fruitfly 2 bears to the original is that Wardle doesn't know how it infects systems in the first place. It could be delivered via a social engineering attack -- a rather popular means to get users to click links or email attachments they shouldn't -- or a macOS flaw could be the entry point.

Credit: Andreas Berheide / Shutterstock

Author Bio
Henry T. Casey
After graduating from Bard College with a B.A. in Literature, Henry T. Casey worked in publishing and product development at Rizzoli and The Metropolitan Museum of Art, respectively. Henry joined Tom's Guide and LAPTOP having written for The Content Strategist, Tech Radar and Patek Philippe International Magazine. He divides his free time between going to live concerts, listening to too many podcasts, and mastering his cold brew coffee process. Content rules everything around him.
1 comment
  • JuanSoto Says:

    From the linked article:

    > both malware samples capture screenshots, keystrokes, webcam images, and information about each infected Mac.

    This seems about what most commercial operating systems, online services are doing these days. They may stop at webcam images but pretty much everything else (and far more than what fruitfly is collecting) is up for grabs.

    Yet... tech sites like these remain silent. They offer no warning to users, no disclaimers every time they herald in a new OS update from Microsoft, Google and even (the secretive, no comment) Apple.

    You guys must feel special having received contact from an Apple rep. Must be all the shilling you do for them.
