MAC malware caught recording the SCREEN, logging keystrokes reveals new report

Mac users typically think they’re immune to malware. But a new strain used for spying reminds us even Macs can be compromised.

Researchers have found an unusual piece of malware, called FruitFly, that’s been infecting some Mac computers for years.

FruitFly operates quietly in the background, spies on users through the computer’s camera, captures images of what’s displayed on the screen and logs key strokes.

Security firm Malwarebytes discovered the first strain earlier this year, but a second version called FruitFly 2 subsequently appeared.

Patrick Wardle, chief security researcher at security firm Synack, found 400 computers infected with the newer strain and believes there’s likely many more cases out there.

It’s unclear how long FruitFly has been infecting computers, but researchers found the code was modified to work on the Mac Yosemite operating system, which was released in October 2014. This suggests the malware existed before that time.

It’s unknown who is behind it or how it got on computers.

Thomas Reed of Malwarebytes called the first version “unlike anything I’ve seen before.”

Wardle says there are multiple strains of FruitFly. The malware has the same spying techniques, but the code is different on each strain.

After months of analyzing the new strain, Wardle decrypted parts of the code and set up a server to intercept traffic from infected computers.