
Tables turned: Researcher reportedly creates C&C server to spy on Fruitfly Mac malware

A security researcher looking into a variant of the Mac spyware Fruitfly uncovered a pool of roughly 400 infected victims after registering and taking over a backup command-and-control server that was hard-coded in a sample of the malware, according to multiple news outlets.

The researcher, Patrick Wardle, chief security researcher at Synack and founder of Objective-See, identified many of these victims as ordinary individuals – most located in the U.S., with a high concentration within Ohio, Threatpost reported. It was a surprising finding, considering that a previous analysis of Fruitfly samples by Malwarebytes found that the spyware appeared to be specifically targeting biomedical research facilities.

According to a Forbes report, Wardle could see victims' IP addresses and the names of their Mac computers, and he reported his findings to law enforcement.

ZDNet reported that the Fruitfly variant Wardle observed could control the keyboard and mouse, take screenshots, turn on the webcam, modify files, run commands in the background, and send an alert when the user is active in order to remain stealthy.

Wardle will be presenting his findings in detail later this week at the Black Hat security conference in Las Vegas. According to Black Hat's synopsis of his session, Wardle performed his analysis not by reverse engineering Fruitfly, but rather by creating a custom C&C server to "coerce the malware to reveal its full capabilities." This process essentially allowed Wardle to take over the malware's domain while hijacking its infected hosts.

Bradley Barth

