Fruitfly - Retro Mac Malware Targets Biomedical Industry
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Threat details
The malware has been named Fruitfly. It has infected at least three biomedical research sites and could have been present on the affected systems since January 2015. The malware was detected due to an unusual increase in network traffic.
The source of infection and delivery method are unknown at the time of publication. Fruitfly is capable of taking screen captures, access web cams, control the mouse and simulate keystrokes. It is likely that other capabilities will be discovered as research into the malware continues.
The fact that the malware has been undetected on an infected network for such a length of time suggests it is advanced in construction. However, researchers identified various unsophisticated elements in the design of the malware. It consists of only two files and runs processes in user space. The malware has no root access, it is not a privileged program and its binary uses the ‘libjpeg’ library which has been used in general development since 1998. By using a retro design, the malware authors may be trying to avoid modern day heuristic detection systems.
Remediation advice
To defend against such a malware variant, organisations should consider the following:Remediation steps
Last edited: 17 February 2020 11:31 am