Earlier this year in January, security researchers uncovered malware that had likely evaded detection for years. Labeled OSX/FruitFly.A by Intego, this malware slinked back into the shadows not to be seen again since it was initially discovered; that is, until now. Patrick Wardle, a security researcher and former NSA hacker, has discovered another FruitFly variant, and this one may have been around as long or longer than the original variant found in January.
Dubbed FruitFly.B, this new variant appears to have the same functionality as its predecessor. The malware can perform the following actions on an infected Mac:
“The most interesting feature is that the malware can send an alert when the user is active, so that the attacker can then avoid interfering with the computer to remain stealthy. I haven’t seen that before,” Wardle told ZDNet.
With most of the Command & Control (C&C) servers no longer active, Wardle wrote his own C&C code and registered the domains that previously belonged to the malware's servers. This allowed him to intercept the malware's traffic.
As soon as his C&C servers came online, his screen began filling up with data from Macs in the wild that were infected with FruitFly. Instantly sitting on potentially private and sensitive data from the victims out there, he logged the connections, parsed the computer names, and then closed the connection to make sure no further data would be received.
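The sinkhole procedure described above (log the connection, parse the computer name, then close before any further data arrives) can be implemented in a few dozen lines. The listener below is an added illustration written for this article; it is not Wardle's code and not Intego's, and it assumes a hypothetical greeting format ("HELLO <computer-name>" on the first line) because the post does not describe FruitFly's real protocol. The constructed sample beacon in the demo is likewise invented.

```python
import logging
import socket
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")

# Assumption for this example: the client's first line is "HELLO <computer-name>".
GREETING = b"HELLO"
SINKHOLE_PORT = 8443  # placeholder; a real sinkhole listens on the port the malware expects


@dataclass
class Beacon:
    peer: str
    computer_name: str
    seen_at: str


def parse_beacon(first_line: bytes) -> Optional[str]:
    """Return the computer name from the assumed greeting, or None if the line
    does not match. Junk or scanner traffic is then logged as unparsed rather
    than crashing the listener."""
    text = first_line.decode("utf-8", errors="replace").strip()
    parts = text.split(" ", 1)
    if len(parts) != 2 or parts[0].encode() != GREETING or not parts[1]:
        return None
    return parts[1]


def sinkhole_once(conn: socket.socket, peer: str, max_bytes: int = 256) -> Beacon:
    """Read a single small chunk, keep only the greeting line, log it, and close.

    Closing immediately is the key defensive choice: the listener never reads
    the screenshots, keystrokes or files an implant would send next, so the
    sinkhole operator is not left holding victims' private data."""
    conn.settimeout(5.0)
    try:
        first = conn.recv(max_bytes)
    except (socket.timeout, OSError):
        first = b""
    finally:
        conn.close()  # refuse everything after the greeting
    # Anything beyond the first newline in that chunk is discarded, not logged.
    name = parse_beacon(first.split(b"\n", 1)[0])
    beacon = Beacon(
        peer=peer,
        computer_name=name if name is not None else "<unparsed>",
        seen_at=datetime.now(timezone.utc).isoformat(),
    )
    logging.info("sinkhole hit peer=%s computer_name=%s", beacon.peer, beacon.computer_name)
    return beacon


def serve(bind_host: str = "0.0.0.0", port: int = SINKHOLE_PORT) -> None:
    """Accept connections forever, handling each with sinkhole_once."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_host, port))
        srv.listen(64)
        while True:
            conn, addr = srv.accept()
            sinkhole_once(conn, f"{addr[0]}:{addr[1]}")


def demo() -> Beacon:
    """Offline demonstration using a socket pair and a constructed beacon."""
    server_side, client_side = socket.socketpair()
    client_side.sendall(b"HELLO Example-MacBook\nSCREENSHOT-DATA-WOULD-FOLLOW\n")
    beacon = sinkhole_once(server_side, "127.0.0.1:51000")
    client_side.close()
    return beacon


if __name__ == "__main__":
    print(demo())
```

Running `serve()` on a host whose DNS name matches a sinkholed domain would reproduce the experiment; `demo()` exercises the same handler locally. Note that only the first line of the first read is ever interpreted, and the connection is closed in a `finally` block so a malformed or slow client cannot keep the socket open and stream more data.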
Early analysis shows 90% of the victims who connected to his C&C server are in the United States and do not appear to be connected to one another.
Finding a common connection between infected Macs can help track down where the malware may have originated, but in this case it is not possible. FruitFly could have been spread via malicious email attachments and, as Wardle said, it is most likely operated by a single hacker “with the goal to spy on people for perverse reasons.”
This new variant is known as FruitFly.B, and at the time of writing, Apple has not addressed it in its XProtect or Malware Removal Tool signatures. Intego already protects its customers from both FruitFly variants. Intego VirusBarrier will identify and eradicate the malware as OSX/FruitFly.A and OSX/FruitFly.B, regardless of whether the variant is an executable, a Perl script, or a Java class.
The first variant was found by a network security team, the second by a security researcher. These researchers analyze suspicious behavior of files and network traffic, and in the case of anti-virus companies, write the malware signatures for the software that protects your Mac. Even so, full computer security requires a layered approach to defend against all types of attacks.
Not everyone has a dedicated network security team and IT admin available, but what if you could have that? Your own network security team sounds expensive, doesn’t it? A team of people who all need to be paid, plus the hardware required for them to do their jobs; it adds up quickly! So what’s the next best thing? Software network security, of course!
With a variety of threats targeting you nowadays, the best defense is implementing layers of protection, and that’s how you should judge potential security software solutions. Anti-virus can stop malicious files, but it’s not enough to prevent the other worries from filtering through and ruining your stuff.
Below are a few examples of different layers of protection, and each provides a layer of security in their own way. You are not limited to just one or two layers, you can add as many as you like so long as they do not interfere with each other.
Let’s have a look at the layers of protection included with Intego’s Mac Premium Bundle:
What about an IT admin? Surely those don’t come cheap and good ones are hard to find. Luckily, you can get firewall software like NetBarrier that watches your Mac for any malicious activity, and while not an actual skilled IT admin, it can alert you about malware before an IT admin has to get involved.
VirusBarrier is a sophisticated anti-virus software that prevents malicious files from infecting your Mac, but don’t rely on it to stop hackers—that’s a job for NetBarrier—and you should be sure to secure your sensitive data, too.
Hard drive failure means you can lose your data, and ultimately what Mac Washing Machine does is protect your data by relieving common stressors on your hard drive.
If you have multiple hard drives, flash drives, local servers, remote servers or another Mac you want to keep in sync, Personal Backup can create a safe copy of your data on it. It’s incredibly flexible, and it can handle almost any backup schedule you want! Together with Apple’s Time Machine, this one-two punch ensures you don’t lose any important files.
ContentBarrier’s configuration is very flexible and enables you to block specific categories of websites, such as Adult, Gambling, and more. Its anti-predator chat monitoring is a very powerful feature as well: it monitors all standard chat protocols and can recognize certain words, phrases or abbreviations that may indicate an objectionable or inappropriate conversation that could lead to trouble. Instant notifications mean you can ensure your child’s online safety by instantly blocking online access even when you’re not home.
These are just a few layers you can enable to keep your data, privacy, personal information and children safe. “The best security comes in layers” is not just a phrase we throw around in the security community, it’s true and has been proven effective many times over. With security coverage from multiple angles, it becomes very hard for existing or yet to be discovered malware to infect your Mac.
Layered security can be implemented at any time. During the first setup of your Mac or further down the road, these layers can be implemented quickly and easily. Spending 10 minutes implementing it now can save you hours or days of troubleshooting down the road. Give it a try and let us know which security layers are protecting you!