How do you like them apples?


Chris D. Baker 20th Jan 2017

Fruitflies take a byte out of macOS, Apple rotten to its core.


A recently discovered, ancient security flaw within the macOS architecture, predating OS X and macOS, aptly illustrates the phrase "it takes one bad apple to ruin the bunch". It was discovered by chance by an IT admin who noticed some abnormal outgoing data from a single Mac.

Fruitflies in the Bushel

Its apparent target has been biomedical research centres, in attacks orchestrated by a piece of malware identified as “OSX.Backdoor.Quimitchin” by Malwarebytes.
The threat, coined “Fruitfly”, is described by Malwarebytes Labs as the first macOS malware of the year. It is composed of just two files and one script to ferry the procured data to the operators' servers.

Taking a byte out of an Apple

This exploit has been, and is still being, used to access the web cameras of compromised Apple machines and to take screen captures, but it could allow for complete remote control of the rotten core.
The problem is that macOS is built upon itself, and ultimately it will contain some archaic and antiquated code that doesn’t provide security. Bugs and potential threats are not uncommon in pretty much all software, but generally they are found early on, or at least not decades later.

Fortunately, Apple has responded with an update to Gatekeeper to fix this issue, which will be pushed automatically to all users with internet access.
