Editorials and informational articles

Fruitfly malware went undetected for years

A new piece of Mac malware went undetected for years, allowing its operator to spy on its victims. The Fruitfly malware was patched in January 2017, but Patrick Wardle, a researcher at security firm Synack, has discovered another version of the malware out in the open. Wardle was formerly an NSA hacker.

This new version can take control of the victim’s computer, capture screenshots, take webcam photos and more. So far Fruitfly is known to have infected nearly 400 victims, but the number could be higher. Most of the victims are in the United States.

Wardle told ZDNet that “it’s not the most sophisticated Mac malware”. He continued in another article, from Ars Technica, stating: “I don’t know if it’s just some bored person or someone with perverse goals […] If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons”.

After the discovery, Wardle reported everything to law enforcement officials. All domains known to be associated with the malware are no longer available, which should essentially neutralize the threat.

As you might guess, Apple representatives did not respond to an e-mail seeking comment for this article.

The interesting thing is that even though the malware is not that sophisticated, it managed to stay under the radar for so long. Compared with the new Mac malware that has appeared recently, Fruitfly was easily detectable. Even so, nobody managed to find it until recently.

According to a McAfee study, infections of Mac operating systems are increasing, and we expect the numbers to grow by the end of the year.


Credits for photo, Patrick Wardle.

Security solutions and antivirus software

The launch of iOS 10.3 might have been hurried due to a fake ransomware

The new iOS update to version 10.3, launched on the 28th of March, might have been hurried after some users reported that their devices were blocked by ransomware.

The malware acted just like the FBI ransomware: a pop-up accused the device owners of having accessed illegal porn or pirated music, and it seemed hard to remove or get rid of. In fact the ransomware was fake, and by clearing the browser cache users could regain full access to their devices.

The ransomware was created using JavaScript, a language used frequently on many websites. According to security company Lookout, the attackers demanded 100 pounds in the form of an iTunes coupon, which was supposed to be sent via SMS to a certain phone number in order to unlock the victim’s phone.

Researchers wrote: “In fact the malware was a fake one and it did not encrypt any data. The purpose was to frighten the victims into paying to unlock the browser before they realized there is no need to pay a ransom to recover phone data or access to the browser.”

The iOS 10.3 patch did fix the problem, but Prof. Alan Woodward, a cybersecurity expert at Surrey University, has said that many iPhone users have avoided the update because it would also bring some new features affecting the devices’ functionality.

I, for personal reasons, have not updated my iOS since version 10.0.1 and I also recommend waiting for a couple of days before doing any updates, because not all updates are good. Have you updated to the new iOS 10.3 due to the fake ransomware?


58% of US schools use Chromebook 2-in-1 devices

The tech giants compete against each other in different markets. Educational institutions such as schools and universities prefer to use Google and Microsoft products (computers and laptops).

Google has become the leading choice in US educational institutions, while Microsoft is close behind. Apple has gone from leader to last choice, due to a lack of innovation and high product prices.

Chromebooks are the number one choice in the US, with a 58% share, while Microsoft holds 22% of the market, followed by Apple with 19% and Linux with 5%.

Of the 12.6 million devices sold to US schools in 2016, more than half are Chromebooks.

Both Microsoft and Google offer a lot of 2-in-1 devices with detachable keyboards for under $300. Such devices are preferred in educational environments for their flexibility.

Microsoft figured out that such devices would sell like hot cakes and created its own Surface lineup.

For more information, see this research from

Hackers and hacks

OSX Filecoder.E – the latest ransomware for MacOS systems

The new ransomware for MacOS systems was named OSX Filecoder.E by ESET researchers. It spreads through BitTorrent websites, and users who fall into its trap are not able to recover their data or files even if they pay the ransom. ESET researchers have noticed that the ransomware is very poorly designed.


OSX Filecoder.E is disguised as a cracking tool for commercial software such as Adobe Premiere Pro CC or Microsoft Office for Mac. The malware is written in Apple’s Swift programming language, and judging by the many mistakes in its implementation, the developer appears to be inexperienced. The installer is not signed with a developer certificate issued by Apple, which is why it is very difficult to install the malware on the new OS X and MacOS operating systems.

Another problem is that it generates only one encryption key for all the files and then stores the files in encrypted ZIP archives, while the malware has no ability to communicate with an external server. As a result, the encryption key never reaches the attacker before it is destroyed. This means that even if the user pays the ransom by following the attacker’s instructions (usually located in a README!.txt file), the user will not get their data or files back.

The encryption seems to be strong, and it can’t be broken by other means. “The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator. The key is also too long to brute force in a reasonable amount of time,” researchers from ESET wrote in a blog post on Wednesday.

Even if OSX Filecoder.E seems to be the work of an inexperienced attacker, it still shows us that MacOS remains a target for ransomware developers. Better safe than sorry, we say! Stay safe!