FruitFly

Malware updated a month ago (2024-10-15T10:00:58.647Z)
FruitFly is malware that was found to capture screenshots and webcam images and to gather information about devices connected to the same network. It could then connect to these devices, giving remote attackers the ability to generate simulated mouse and keyboard events. Its capabilities also included file exfiltration, screen capture, execution of arbitrary commands, and remote access to the webcam and microphone.

The malware persisted through a launch agent, and its main component was identified as /Users/user/.client. Tools such as KnockKnock could reveal FruitFly's persistent component, further referred to as OSX/FruitFly.B's 'fpsaud'. Machines were infected with FruitFly via brute force attacks, often exploiting weak passwords or passwords from breaches of other systems. An initial investigation into the malware revealed that some of its code was extremely old.

On January 10, 2017, Malwarebytes became aware of the Mac version of the malware, which would later be known as FruitFly. The discovery was shared with Apple, who were already working with the FBI on an ongoing investigation into the malware. On January 25, 2017, an individual named Durachinsky was arrested for involvement with the FruitFly malware. In response to the threat, Apple released a security update to protect users against it, and Malwarebytes published a blog post with technical details about the malware. The FBI also took action, knocking on the door of the house linked to the IP address used by the malware, as documented in an FBI Flash document released to affected organizations on March 27, 2017.
Description last updated: 2024-10-15T09:29:34.425Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the FruitFly Malware was read from the documents corpus below.
Source (Created At)
Malwarebytes (10 months ago)
CERT-EU (a year ago)
MITRE (2 years ago)