Skip to main content

Fruitfly - Retro Mac Malware Targets Biomedical Industry

Apple has released a security patch for a new retro looking malware variant which was recently discovered on a Mac at a University Health Centre.
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Apple has released a security patch for a new retro looking malware variant which was recently discovered on a Mac at a University Health Centre.

Affected platforms

The following platforms are known to be affected:

Threat details

The malware has been named Fruitfly. It has infected at least three biomedical research sites and could have been present on the affected systems since January 2015. The malware was detected due to an unusual increase in network traffic.

The source of infection and delivery method are unknown at the time of publication. Fruitfly is capable of taking screen captures, access web cams, control the mouse and simulate keystrokes. It is likely that other capabilities will be discovered as research into the malware continues.

The fact that the malware has been undetected on an infected network for such a length of time suggests it is advanced in construction. However, researchers identified various unsophisticated elements in the design of the malware. It consists of only two files and runs processes in user space. The malware has no root access, it is not a privileged program and its binary uses the ‘libjpeg’ library which has been used in general development since 1998. By using a retro design, the malware authors may be trying to avoid modern day heuristic detection systems.


Remediation advice

To defend against such a malware variant, organisations should consider the following:

Remediation steps

Type Step
  • Ensure the use of anti-malware software on Mac machines.
  • Ensure that anti-malware services are kept up-to-date with the latest definitions.
  • Systems should be kept up-to-date with the latest operating systems and patch updates.
  • Strong password policies should be enforced. Password reuse is highly discouraged.
  • Ensure policies are in place to backup important data which are regularly exported and stored away from the network.
  • Ensure staff are aware and educated on the cyber security threats such as malware and the damage it can cause on a regular basis.
  • The use of web scanning tools to block access to malware sites should be considered.
  • The use of intrusion detection systems and intrusion prevention systems to detect any unusual network activity.

Last edited: 17 February 2020 11:31 am