Synack security researcher Patrick Wardle has detected a piece of Mac spyware dubbed the “Perverse” malware. It may have gone undetected for over a decade. Here are the details of the malware.
Synack researcher finally detects surveillance malware
Most Mac users trust the security of their device. However, they were still unwittingly being attacked by spyware.
Patrick Wardle, a security analyst at Synack, discovered the surveillance malware, which has been dubbed the “Perverse” malware. It has been able to evade detection by macOS and commercial antivirus products for years.
This spyware has been attacking devices in the United States, but it may have also infected devices in other countries.
There is still no evidence that it collects banking credentials or installs ransomware. Wardle told Ars Technica, "I don't know if it's just some bored person or someone with perverse goals."
‘Perverse’ Mac malware features
The “Perverse” malware is a variant of Fruitfly, which was discovered in January 2017 by Malwarebytes. Hence, it uses the same tactics as its predecessor.
For over a decade, the recently discovered malicious program has allowed attackers to activate a device’s webcam, record keystrokes, and capture screenshots. Moreover, it has enabled them to obtain confidential information stored on Macs.
Using the malware, they can also get sensitive information from devices that are connected to the same network.
‘Perverse’ Malware vs Fruitfly
Both Fruitfly and the "Perverse" malware perform similar actions. However, unlike Fruitfly, the recently detected spyware has infected more Mac devices. Moreover, it can infect machines for longer.
As reported by Wccftech, Wardle analyzed the new variant and decrypted several backup domains that were hard-coded into the “Perverse” malware. After registering one of the addresses, he found that close to 400 Mac devices in the United States were quickly infected. Wardle only observed the IP addresses and the user names of the infected devices.
With this, he concluded that innocent Mac users were being attacked and spied on every day for insidious goals.
The “Perverse” malware’s method of infection remains unknown. However, Wardle suspects that it tricks Mac users into clicking malicious links. Hence, Mac users should not be overconfident in the security of their devices.