[UPDATE: Apple confirmed to us that any systems that are up to date, running El Capitan or later, are protected. We’ve also confirmed from those in the know that the issue has been fixed since around January and only affected older and out-of-date Macs.]
A security researcher has discovered a piece of Mac malware that allows an attacker to activate the webcam to take photos, take screenshots and capture keystrokes.
Synack researcher Patrick Wardle says that the malware has been infecting Macs for at least five years, and possibly even a decade …
The malware is a variant of Fruitfly, which was discovered back in January and blocked by a macOS update shortly afterwards. Fruitfly used antiquated code that actually predates OS X, and was used in targeted attacks against biomedical research institutions.
Wardle told Ars Technica that the variant was mostly found on Macs in homes in the USA.
Based on analysis of the IP addresses connecting to the server, the malware does not appear to be targeting companies, and also does not appear to be designed to make money.
Wardle informed law enforcement officials, and the hardcoded domains have been shut down, neutralizing the threat for now. The researcher has passed details to Apple, and will be speaking more about the malware at the Black Hat Security Conference in Las Vegas, where we’ll also hear more details about the serious Wi-Fi vulnerability fixed in iOS 10.3.3.
It is likely that owners of infected machines were tricked into clicking on a link that installs the malware. As always, you should only ever install apps from the Mac App Store and trusted developers.