Antivirus vendor Malwarebytes has discovered a new piece of Mac malware, called “Fruitfly,” which can also be used against Linux systems.
Malwarebytes identifies the code as “OSX.Backdoor.Quimitchin.” Malwarebytes says this Mac backdoor, discovered this year, contains routines that allow it to execute in some limited capacity on Linux systems.
“The script also includes some code for taking screen captures via shell commands,” the team says. “Interestingly, it has code to do this both using the Mac ‘screencapture’ command and the Linux ‘xwd’ command. It also has code to get the system’s uptime, using the Mac ‘uptime’ command or the Linux ‘cat /proc/uptime’ command.”
According to a blog post published by anti-malware provider Malwarebytes, the malware contains code that captures screenshots and webcam images, collects information about each device connected to the same network as the infected Mac, and can then connect to those devices.
Some of these features are duplicated by code that allows Fruitfly to run on Linux machines, although researchers have not spotted a Linux variant in the wild.
“The only reason I can think of that this malware hasn’t been spotted before now is that it is being used in very tightly targeted attacks, limiting its exposure,” said Thomas Reed, the Malwarebytes analyst who analyzed Fruitfly after a system administrator contacted him about suspicious traffic the administrator had noticed in his network.