{
	"id": "c0a34039-9c61-41ae-ab4c-7089cbbc5d09",
	"created_at": "2026-04-06T00:12:46.761684Z",
	"updated_at": "2026-04-10T03:21:13.787653Z",
	"deleted_at": null,
	"sha1_hash": "232f38f257b10464ade3b1a945221134ba1789eb",
	"title": "Newly discovered Mac malware found in the wild also works well on Linux",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32673,
	"plain_text": "Newly discovered Mac malware found in the wild also works well\r\non Linux\r\nBy Dan Goodin\r\nPublished: 2017-01-18 · Archived: 2026-04-05 13:09:19 UTC\r\nA newly discovered family of Mac malware has been conducting detailed surveillance on targeted networks,\r\npossibly for more than two years, a researcher reported Wednesday.\r\nThe malware, which a recent Mac OS update released by Apple is detecting as Fruitfly, contains code that captures\r\nscreenshots and webcam images, collects information about each device connected to the same network as the\r\ninfected Mac, and can then connect to those devices, according to a blog post published by anti-malware provider\r\nMalwarebytes. It was discovered only this month, despite being painfully easy to detect and despite indications\r\nthat it may have been circulating since the release of the Yosemite release of OS X in October 2014. It’s still\r\nunclear how machines get infected.\r\n“The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing\r\nnetwork traffic from a particular Mac,” Thomas Reed, director of Mac offerings at Malwarebytes, wrote in the\r\npost. “This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have\r\nactually been in existence, undetected for some time, and which seems to be targeting biomedical research\r\ncenters.”\r\nAncient artifacts\r\nThe malware contains coding functions that were in vogue prior to the first release of OS X in 2001. Open source\r\ncode known as libjpeg, which the malware uses to open or create JPG-formatted image files, was last updated in\r\n1998. It’s possible Fruitfly wasn’t developed until much later and simply incorporated those antiquated\r\ncomponents. Still other evidence—including a comment in the code referring to a change made in Yosemite and a\r\nlaunch agent file with a creation date of January 2015—suggests the malware has been in the wild for at least two\r\nyears.\r\nSource: https://arstechnica.com/security/2017/01/newly-discovered-mac-malware-may-have-circulated-in-the-wild-for-2-years/\r\nhttps://arstechnica.com/security/2017/01/newly-discovered-mac-malware-may-have-circulated-in-the-wild-for-2-years/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://arstechnica.com/security/2017/01/newly-discovered-mac-malware-may-have-circulated-in-the-wild-for-2-years/"
	],
	"report_names": [
		"newly-discovered-mac-malware-may-have-circulated-in-the-wild-for-2-years"
	],
	"threat_actors": [],
	"ts_created_at": 1775434366,
	"ts_updated_at": 1775791273,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/232f38f257b10464ade3b1a945221134ba1789eb.pdf",
		"text": "https://archive.orkl.eu/232f38f257b10464ade3b1a945221134ba1789eb.txt",
		"img": "https://archive.orkl.eu/232f38f257b10464ade3b1a945221134ba1789eb.jpg"
	}
}