Mac malware discovered in the wild allows webcam photos, screenshots, key-logging

Mac malware discovered in the wild allows webcam photos, screenshots, key-logging

Ben Lovejoy

– Jul. 25th 2017 4:01 am PT


View Comments

A security researcher has discovered a piece of Mac malware that allows an attacker to activate the webcam to take photos, take screenshots and capture keystrokes.

Synack researcher Patrick Wardle says that the malware has been infecting Macs for at least five years, and possibly even a decade …


The malware is a variant on Fruitfly, discoveredback in January and blocked by a macOS update shortly afterwards. Fruitfly used antiquated code that actually predates OS X, and was used in targeted attacks against biomedical research institutions.

Wardle told ArsTechnica that the variant was mostly found in Macs in homes in the USA.

After analyzing the new variant, Wardle was able to decrypt several backup domains that were hardcoded into the malware. To his surprise, the domains remained available. Within two days of registering one of the addresses, close to 400 infected Macs connected to the server, mostly from homes located in the United States. Although Wardle did nothing more than observe the IP address and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected.

Based on analysis of the IP addresses connecting to the server, the malware does not appear to be targeting companies, and also does not appear to be designed to make money.

“I don’t know it if it’s just some bored person or someone with perverse goals,” Wardle said. “If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons.”

Wardle informed law enforcement officials, and the hardcoded domains have been shut down, neutralizing the threat for now. The researcher has passed details to Apple, and will be speaking more about the malware at the Black Hat Security Conference in Las Vegas, where we’ll also hear more details about the seriouswifi vulnerability fixed in iOS 10.3.3.

It is likely that owners of infected machines were tricked into clicking on a link that installs the malware. As always, you should only ever install apps from the Mac App Store and trusted developers.


Check out 9to5Mac on YouTube for more Apple news:

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels published to date, and an SF novella series coming in March 2017.

Ben Lovejoy’s favorite gear


Sony a6300

9to5Mac稿源:9to5Mac (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 移动互联 » Mac malware discovered in the wild allows webcam photos, screenshots, key-logging

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录