Replies

It seems that FruitFly was also written for Windows PCs as well and likely originated on that platform. The evidence is that the author of FruitFly, an INTEL architecture based code exploit, has been using FruitFly for 13 years, yet Apple Macs were switched from PowerPC architecture base only 10 years ago. The earliest appearance of the FruitFly Code in a Mac library has been traced to a Mac running OSX.9 Mavericks which was first released September 2013, so it could have been infected at anytime after that. (Note, however, that the code is extremely simple, consisting of just two lines, and can run on any Mac with an Intel processor and a built-in camera) The implications are that FruitFly has been doing its malicious spying in the Windows PC world longer than in the Mac world.

Note, FRUITFLY was spread by two vectors: (1) a Trojan horse program using social engineering to get the user to download it and install it himself usually disguised as some useful utility or game, and (2) physical access to the target computer where the bad guy installs it.

As reported back in January 2017 when first identified, on Macs, FruitFly was found in very limited locations mostly related to biological research. Very few FruitFly malware were ever found in Macs belonging to private individuals or schools, etc., although there were some, but even then they were peripherally related to employees and families of the primary locations. FruitFly seemed to be very targeted to research in biochemical, genetics, and pharmaceuticals, hence the name "FruitFly."

Once FruitFly was discovered and its signature was identified, FruitFly was added to the library of malware that Apple’s MacOS built-in anti malware protections will identify and warn the user about before it can be downloaded, installed, or run, requiring an administrator’s name and password to continue with each of those steps. It takes an industrial strength stupid user to get infected with such a malware; the user has to not only ignore the clear warnings alerting him he is going to be infecting his computer with malware, he has to ACTIVELY ALLOW IT BY GIVING AN ADMINISTRATOR’S NAME AND PASSWORD THREE TIMES!

FruitFly Mac malware back in the news as man is charged for using it to spy on people. . . and for child pornography. One interesting thing is that FruitFly i has turned out to be a Windows PC malware too! In fact, perhaps it was Windows malware before it ever was Mac malware as this guy was using it for 13 years. It’s an Intel architecture based code, and Apple Macs only switched to Intel ten years ago. Also the earliest known Mac version is for only a four year old OSX Mavericks Mac. — PING!

FruitFly Malware Turns Out to Be Switch Hitter
Both Windows PC and Mac
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

Incidentally, all records indicate there have been approximately 400 Macs hit by FruitFly. . . at least that was the number that Malwarebytes found reporting to the FruitFly home server this guy had setup. Most of these were in the US. He later abandoned that server and Malwarebytes could see no evidence of efforts of the FruitFly creator to monetize the malware. For example no advertising, hijacking, or ransomware were installed on the targeted computers. It was theorized industrial espionage and/or perverse spying were possible motives by a single individual.

The article mentions “thousands” of computers, but that has not been reported in the tech Press as far as Macs are concerned. I’m wondering since they’ve gone back further and are now reporting the Windows PC involvement if the discrepancy has to do with those machines?