Apple’s MacOS is known to be one of the more secure operating systems out there. However, due to its increasing popularity and expanding user base, hackers and cybercriminals are starting to victimize iMacs and MacBooks more and more.
One particular worrisome attack is webcam hijacking and spying. These kinds of exploits allow hackers to secretly record video and audio from a compromised computer.
A newly discovered strain of a particularly nasty piece of malware serves as a reminder that Macs are not virus-proof. And even more alarmingly, this strain has been infecting hundreds of Macs but went undetected by security software for years.
Patrick Wardle, security firm Synack’s chief researcher, has revealed new details of a new variant of Firefly, a form of Mac spying malware that can take over webcams, take screenshots, log key strokes and collect info about each infected Mac and other devices connected to the same network.
The original Firefly strain was discovered by MalwareBytes and was already patched by Apple with a security update earlier this year. But Wardle recently discovered this new variant floating in the wild, infecting at least 400 computers, mostly in the U.S., with the possibility of other locations.
It is still unknown how the malware infected the computers but Warble suspects it’s via malicious links or attachments sent via emails. The creators of the malware are also unknown since the command and control server used for the attacks is no longer in operation. The researcher suggests that the perpetrator could just be an individual looking to spy on people for “insidious and sick” reasons.
Wardle found the infected computers by analyzing the new Fruitfly strain’s code and by plugging in his own command and control server. He immediately saw around 400 infected machines connect to his custom server. He believes this number may just be a small subset of all the Macs currently infected with Fruitfly 2.
Wardle will present his findings and his custom server tactics at the Black Hat conference on Wednesday.
How to protect yourself against Fruitfly
The best way to protect yourself from such attacks like Fruitfly is to keep your operating systems and applications up-to-date and patched with the latest security updates. Also, avoid clicking on unknown links and attachments on emails and refrain from installing software from shady sources.
Additionally, to help combat these kinds of potential webcam attacks on Macs, Wardle developed a free monitoring tool called Oversight.
According to Oversight’s notes, the tool can detect if a secondary process accesses the camera while it’s already in use. It will then identify the name of the process via a system notification and it will give the user the option to terminate and block the process.
To download this free tool, just head on over to Objective-See’s Oversight page. This download page contains download and installation instructions and detailed descriptions of this free application.