
Fruitfly

Posted: January 15, 2019

Fruitfly is a spyware program with builds that are compatible with Mac, Windows and Linux systems. Fruitfly may capture information through various means, such as taking screenshots, recording your keyboard input or turning on your webcam. In response, users should disable their Internet connections, uninstall Fruitfly with anti-malware tools and double-check their logins and network ports for vulnerabilities.

This Fly Has Been Over a Decade Buzzing

The more than ten-year-old spyware package known as Fruitfly is a long-time security concern for Mac machines, although newer variants boast compatibility with other OSes. By taking over unused domains from its C&C infrastructure, researchers in the cyber-security industry have verified that Fruitfly remains active, even after the arrest of Phillip Durachinsky, the threat actor who both coded the software and managed its campaign. Accordingly, malware experts recommend treating Fruitfly as still threatening and as a possible source of confidential-data loss.

Fruitfly includes the usual features that define most comprehensive spyware packages, including:

  • Fruitfly captures shots of the user's screen.
  • The threat also exploits some peripheral devices, such as webcams, by enabling and recording them, as well as facilitating live streaming to the threat actor's remote control panel.
  • Similarly, Fruitfly accesses the victim's microphone for monitoring audio.
  • Fruitfly possesses keyboard-recording or 'keylogging' functionality. Most threat actors use such features for collecting logins and passwords associated with finances, although Durachinsky demonstrated less interest than usual in leveraging the attacks for taking money.

The majority of Fruitfly's targets are random, individual users, with hundreds of infected machines fitting this description as of the past year. However, this preference does not make other targets immune, and malware experts also assess that opportunistic attacks have been made against network machines belonging to law enforcement agencies, educational institutions, for-profit companies, and even the United States government.

Swatting Fruitfly Out of the Sky

Even with Fruitfly's author no longer at large, the spyware is live and communicating with its static domains, which still may provide administrative support. Its infection methods, while mysterious for the bulk of Fruitfly's campaign, were recently verified to take advantage of remote-access ports protected by weak or previously leaked credentials. Users suspecting infections should close the affected ports and change the associated passwords. Exploitable devices like microphones and webcams also can be unplugged temporarily.

Although the majority of Fruitfly's campaign focuses on prurient interests such as pornographic Web searches, some Fruitfly attacks compromise medical or tax records, banking transactions, and similar data of financial or personal value. A victim should contact the appropriate companies after disinfecting their machines to determine further courses of action. Although malware experts do recommend having a dedicated anti-malware program for removing Fruitfly, any threat scans should be sufficiently comprehensive to also detect other unwanted software that may be using the same, widely applicable infection techniques.

The buzz around Fruitfly has yet to die, in large part, due to its success at preserving itself while covering its tracks. An unsecured port isn't a trivial matter, and, as Fruitfly shows, is a danger to a network-connected PC of any operating system.
