FruitFly is spy malware that can execute shell commands, move and click the mouse, capture webcam images, kill computer processes, get the system uptime, retrieve screenshots and even alert the hackers when the victim is active on the Mac again.
'The only reason I can think of why this malware has not been discovered is because it is used in attacks with very strict object selections, limited levels of infection,' Reed writes in a monthly blog. 'Although there is no evidence to connect this malware to any group, since it is used at biomedical research, it is probably a result of some spying activity.'
Wardle was able to find FruitFly victims after registering the command-and-control (C&C) server used by the attacker. He then saw about 400 Mac users infected with FruitFly connecting to that server.
From there, the researcher could see the IP addresses of the FruitFly-infected victims, 90% of whom were in the US. Wardle could even see the victims' names, so it was easy to know exactly who was infected with the malware.
Instead of taking control of the computers or spying on the victims' machines, Wardle contacted the police and handed over what he had found. Wardle said surveillance is the main purpose of FruitFly, though it is unclear whether it is the work of a government or a hacker group.
'It doesn't look like the behavior of cybercrime, there's no advertising, keyboard manipulation or ransomware,' Wardle said. 'What it does makes it more like interactive support, it can alert an attacker when the user is active on the machine, fake a mouse click or a keyboard.'
Because FruitFly's code also includes Linux shell commands, the malware can work on the Linux operating system. So it would not be surprising if a Linux variant of FruitFly appears.