Fruitfly: What do you need to know and how to remove it?

When Fruitfly was first discovered in early 2017, it was still a mystery how long the malware had been running around infecting Macs and who was behind it.

After it was initially discovered, it took months of painstaking investigation for the FBI to find and arrest its creator, 28-year-old Phillip Durachinsky. He had been using it for 14 years, and it had gone undetected all of that time by antivirus software.

What is Fruitfly?

The original disturbing discovery at Case Western Reserve University found that Macs infected with Fruitfly were at risk of having files and data stolen and keystrokes copied (giving hackers access to emails and bank accounts). Mac users could be spied on through the camera and microphones. Fruitfly could effectively take over a Mac, capturing screenshots and even accessing other devices on the same network.

Although said to be relatively unsophisticated, it was designed to alert those behind it when a user was active. With the features this malware had, investigators were surprised that ransomware wasn’t included in this particularly nasty infection.

Apple released a patch in January 2017. Unfortunately, this didn’t immediately solve the problem. New versions emerged, and it took the FBI, security specialists, and Apple to uncover the source and prevent further versions from appearing and infecting Macs. When the malware was uncovered, it seemed as though the command and control server had been abandoned, although that is likely a result of FBI intervention.

The total number of infected Macs is still unknown. It probably numbers in the thousands or many more, which is perhaps unsurprising considering that the Fruitfly Mac malware — also known as Quimitchin by some antivirus providers — was in operation for 14 years. Mac users became infected through links and emails. In a flash alert, the FBI stated that:

“The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches.”

To put it simply, hackers were using a process known as port scanning to find Macs with these services exposed to the internet, then getting in through weak or no passwords and sneaking the malware in.
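To see whether your own Mac offers any of the services named in the FBI alert, you can check its listening TCP sockets. The script below is an added example, not part of the original article: it filters `lsof` output for SSH (22) and AFP (548) from the alert, plus the standard default ports for RDP (3389) and VNC (5900), which are assumptions the alert does not spell out. The sample input is constructed, and Back to My Mac is not covered.

```shell
#!/bin/sh
# Flag listening services of the kind named in the FBI flash alert.
# Input: output of `lsof -nP -iTCP -sTCP:LISTEN` on stdin.
# Output: one line per exposed service: NAME PORT COMMAND
flag_exposed() {
  awk '
    BEGIN {
      svc["22"] = "SSH"; svc["548"] = "AFP"      # ports given in the alert
      svc["3389"] = "RDP"; svc["5900"] = "VNC"   # standard defaults (assumed)
    }
    {
      addr = $9                          # NAME column, e.g. *:22 or [::1]:548
      n = split(addr, part, ":")
      port = part[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (!(port in svc)) next           # not one of the targeted services
      if (host == "127.0.0.1" || host == "[::1]") next   # loopback only
      if (port in seen) next             # IPv4 and IPv6 rows: report once
      seen[port] = 1
      print svc[port], port, $1
    }'
}

# Constructed sample of lsof output, so the script runs without a live system.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   10u  IPv4 0x01      0t0  TCP *:22 (LISTEN)
launchd     1 root   11u  IPv6 0x02      0t0  TCP *:22 (LISTEN)
launchd     1 root   20u  IPv4 0x03      0t0  TCP *:548 (LISTEN)
screensha 412 root    4u  IPv4 0x04      0t0  TCP 127.0.0.1:5900 (LISTEN)
rapportd  390 user    3u  IPv4 0x05      0t0  TCP *:49152 (LISTEN)'

audit_sample() { printf '%s\n' "$SAMPLE_LSOF" | flag_exposed; }
audit_live()   { lsof -nP -iTCP -sTCP:LISTEN | flag_exposed; }

# Run with --live to audit this machine; the default uses the sample above.
if [ "${1:-}" = "--live" ]; then
  audit_live
else
  audit_sample
fi
```

A flagged line means the service accepts connections on a non-loopback address; whether it is reachable from the internet also depends on your router and firewall. If you don’t use a flagged service, turn it off in the Sharing settings, and give any you keep a strong, unique password.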

Court documents show that the creator, Durachinsky, was mainly interested in collecting explicit images of Mac users, including many photos of children. He faced a 16-count indictment of cyber violations, identity theft, and fraud.

Anyone reading this can agree that Fruitfly — just like any type of malware, spyware, or ransomware — is not something you want on your Mac.

How to remove Fruitfly?

Since Fruitfly was uncovered, Apple and antivirus software companies have been working hard to block and eliminate the problem. However, if your Mac has already been infected, it needs to be removed since any new security patches and macOS updates won’t eliminate something that is already on your Mac.

Deleting Fruitfly manually isn’t easy. Removing any kind of malware is, by its very nature, difficult. You can’t just search for it on your Mac — it will not be sitting labeled, waiting for you to drag it to Trash. Malware is hidden, and this particularly nasty computer virus has managed to stay hidden for 14 years.

Removing Fruitfly malware using a malware scanner or antivirus software is, unfortunately, no guarantee of success either. Not all of them can detect it, although many more have caught up on how to help computers and Macs get rid of the malware since it was first uncovered in January 2017. If you have antivirus software, it is worth running a scan to see if you are infected and to remove the malware.

If Fruitfly doesn’t show up using an antivirus scan, it doesn’t mean your Mac is safe.

To make sure, download CleanMyMac X and use its Malware Removal tool.


CleanMyMac X will scan for all known malware infections, including Fruitfly. Once the scan is complete, it will show you what is lurking inside your Mac. Click Remove, and all of those threats will disappear for good.

It is worth doing a malware and threat scan every few months or even more frequently if your Mac isn’t performing at its best. It’s impossible to know if our Macs are safe with so many forms of malware around.
