The IT security researchers have recently found a new malicious code that affects Mac and Linux systems. It was dubbed by the Apple Inc., as Fruitfly while the Malwarebytes named it as Quimitchin, the name is inspired by Aztec spies. The newly identified malware can spy on biomedical research centres. It was speculated that this malicious code is active for many years only to be detected now.
This malicious code was recently discovered by Malwarebytes after one of the IT administrators in there identified a strange pattern of incoming network traffic from one of the compromised Macs. Reportedly, the malware was designed to compromise the webcam and capture screenshots of Mac machine and simulate mouse clicks and key presses. Apart from all these features, it can also perform the regular malware function of providing the hacker or attacker with the ability to remotely control the machine.
According to a blog post from a researcher Thomas Reed at the Malwarebytes, both Apple and Malwarebytes are yet to discovered how this malware is being distributed. What they have managed to find so far is that it is based made using some old-school coding techniques, which are so old that they date back to 2001 when the Mac OS X was launched.
The most disturbing aspect is that Fruitfly also contains Linux shell commands and when Reed tried to run the malware on Linux machine, it worked “just fine” and only the Mac-specific code didn’t run. This means, the malware developers didn’t know much about the Mac system and they used old documentation for its development.
“The presence of Linux shell commands in the original script suggests that there may be a variant of this malware that is expressly designed to run on Linux, perhaps even with a Linux executable in place of the Mach-O executable. However, we have not found such a sample,” noted Reed.
