Malware Used For Espionage Attacks Found For Mac


Apple has recently patched macOS against possible attacks from a backdoor trojan discovered by Malwarebytes, which Apple engineers call Fruitfly and which Malwarebytes detects as OSX.Backdoor.Quimitchin. Discovered this year, the Mac backdoor also contains routines that allow it to execute in some limited capacity on Linux systems, according to Malwarebytes.

An analysis of the code revealed that the malware is easy to detect because of its persistence mechanism, which works by creating a launch agent for a hidden file. This is a common practice that most Mac security products search for and should be able to detect easily.

Fruitfly malware built using ancient code

Artifacts in the malware’s source code indicate that this threat existed for many years without being detected. Most notably, Fruitfly received updates for Yosemite (Mac OS X 10.10), which was released in October 2014. Furthermore, the malware uses very old code, such as system calls that developers have not used since before the release of OS X (2001), and a library called libjpeg, which was last updated in 1998. This means either that its creator wrote the code a long time ago and gradually updated it along the way, or that he simply used old, deprecated code, which he might have copy-pasted from other malware or code-sharing sites.
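One way to implement the launch-agent check described above, as an added example that is not part of the original article or of Malwarebytes’ own tooling: it parses launchd agent plists with Python’s plistlib and flags any whose Program or first ProgramArguments entry points into a dot-prefixed (hidden) path. The sample plists, labels and paths are constructed, not Fruitfly indicators; scan_launch_agents() reads the real ~/Library/LaunchAgents and /Library/LaunchAgents directories.

```python
import plistlib
from pathlib import Path, PurePosixPath
from typing import Dict, List, Optional, Tuple

# Constructed sample LaunchAgents plists (hypothetical labels and paths, not real Fruitfly IoCs).
SAMPLE_AGENTS: Dict[str, bytes] = {
    "/Users/alice/Library/LaunchAgents/com.example.updater.plist": b"""<?xml version="1.0"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array><string>/Users/alice/.hidden/agent</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "/Users/alice/Library/LaunchAgents/com.example.sync.plist": b"""<?xml version="1.0"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.sync</string>
  <key>Program</key><string>/Applications/Sync.app/Contents/MacOS/Sync</string>
</dict></plist>""",
}

def hidden_components(path: str) -> List[str]:
    """Return the dot-prefixed (hidden) components of a path, ignoring '.' and '..'."""
    return [c for c in PurePosixPath(path).parts if c.startswith(".") and c not in (".", "..")]

def suspicious_launch_agents(agents: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Return (plist path, target) pairs for agents whose Program or first
    ProgramArguments entry lives under a hidden path; unparseable plists are
    reported too, since a malformed plist in LaunchAgents is itself unusual."""
    findings = []
    for plist_path, raw in agents.items():
        try:
            data = plistlib.loads(raw)
        except Exception as exc:  # InvalidFileException or an XML parse error
            findings.append((plist_path, f"unparseable plist: {exc}"))
            continue
        targets = [str(data["Program"])] if "Program" in data else []
        args = data.get("ProgramArguments") or []
        if args:
            targets.append(str(args[0]))
        for target in targets:
            if hidden_components(target):
                findings.append((plist_path, target))
                break
    return findings

def scan_launch_agents(dirs: Optional[List[Path]] = None) -> List[Tuple[str, str]]:
    """Read the per-user and system LaunchAgents directories and scan them."""
    dirs = dirs or [Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")]
    agents = {str(p): p.read_bytes() for d in dirs if d.is_dir() for p in d.glob("*.plist")}
    return suspicious_launch_agents(agents)
```

A hit only means the agent deserves a look: some legitimate tools also install from dotfile directories, so verify the target binary’s signature and origin before removing anything.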


The Malwarebytes team also suspects that the Fruitfly author might have used old code “to avoid triggering any kind of behavioral detection systems that might be expecting more recent code.”

Fruitfly can take screenshots, access the webcam

According to Malwarebytes, Fruitfly can take screenshots of the user’s screen, access the webcam, simulate key presses, interact with the mouse cursor, provide remote control access, hide its process from the macOS Dock, and upload stolen data. Some of these features are also duplicated by code that allows Fruitfly to run on Linux machines, although researchers have not spotted a Linux variant in the wild. Additionally, a mysterious Windows malware also connected to and used the same C&C servers as Fruitfly, leading researchers to believe that the author of this tool might be operating malware with versions for all three major operating systems.

“The only reason I can think of that this malware hasn’t been spotted before now is that it is being used in very tightly targeted attacks, limiting its exposure,” said Thomas Reed, the Malwarebytes analyst who examined Fruitfly after a system administrator contacted him about suspicious traffic on his network. Reed did not provide any in-depth details or evidence, but he also said that Fruitfly might be used in targeted attacks against biomedical research centers, possibly by actors focused on economic or state-sponsored espionage.

A technical breakdown of Fruitfly’s mode of operation is available on the Malwarebytes blog, along with indicators of compromise.

Symantec, the parent company of Norton, has uncovered a highly complex cyber-espionage malware program known as Regin. This malware has been developed for use in spying campaigns against international targets, such as government organizations, businesses, academic organizations, service providers and even private individuals. Because of its high degree of sophistication, Regin exhibits the characteristics of a state-sponsored operation, but, at this time, Symantec does not have enough evidence to connect it to any particular organization.


What does Regin do?

Classified as a backdoor Trojan, Regin provides the attacker with access to, and control of, a targeted computer. But unlike most malware, which is designed for one intended purpose, such as stealing specific types of data, Regin is used for long-term, broad collection of information, as well as continued monitoring of targeted organizations.

Can Regin affect me?

At this time, Symantec has observed only around 100 cases of infection in 10 countries, and most consumers are unlikely to be affected. While individual users could be targeted by Regin, these individuals are typically working in specialized areas of interest to the Regin operators.

We do not believe that Regin targets the average Norton customer; however, it is important to note that Symantec has provided protection against Regin to its customers, including Norton-branded security products, since December 2013. Regin components are detected as Backdoor.Regin.

Stay protected from this threat

We always recommend that consumers take steps to protect themselves, even if they are not the direct target of a specific attack. Best practices include:

- NEVER open attachments or links from unknown senders via email, instant messages or social media.
- Be sure that all of your computer’s software is kept up to date. This includes not only your computer’s operating system but common applications such as document readers and productivity software.
- Have a trusted brand of security software installed and keep it updated as well. While there are many good brands of software available, we happen to recommend Norton Security.

© 2018 Symantec Corporation.
