Although Apple recently patched macOS to detect and block Fruitfly, a piece of malware that can capture screenshots, keystrokes, webcam images, and information about infected Macs, security researchers have discovered a variant, and there’s no way to stop it yet.
The original infection was discovered by Malwarebytes in January and patched by Apple. But Patrick Wardle, from Synack, says the new variant has attacked more than the 400 machines detected with Fruitfly and might have been around for some time.
When the initial Fruitfly malware was detected, it connected to a command and control server. That server was taken down, but when a backup server appeared, machines began connecting to it because they had not been cleaned of the original infection, something that could happen again.
All known C&C servers have been taken down now and law enforcement officials have been notified.
Wardle will be talking about the malware at Black Hat in Las Vegas later this week.