In some ways, the fact that it’s been around for so long and is only now coming to light is more disturbing than if it was brand new code, because it means that the hackers controlling it have been spying for a very long time.
Thus far, it is unknown how the hackers are spreading the malware from one computer to another, but extensive analysis has been done on the code, and under the hood, it’s fairly interesting.
For one thing, it appears that the code’s authors did not know a lot about Macs. The Mac-specific code is fairly crude, but effective enough to allow the hackers to control a webcam, if one is available, take screen shots and simulate mouse clicks, which allow for a degree of navigation inside the system.
The fact that the hackers had limited knowledge of Macs is not terribly surprising, because Apple’s share of the laptop and desktop market has always been marginal. Because of that fact, most hackers didn’t write malware that specifically targeted these systems. Wintel boxes have always been seen as the low hanging fruit in the computer world, simply by virtue of how many there are, by comparison.
The other interesting thing about Fruitfly, though, is the fact that its code also contains Linux commands. In fact, it can spread to and run on a Linux-based machine with no difficulty, minus the Mac-specific code, of course.
In any case, it’s an interesting bit of malware that seems highly focused on biotech firms. If you’re connected to that industry in any way, it’s definitely something to make sure your IT staff is aware of.