Fruitfly: What do you need to know and how to remove it?

When Fruitfly was first discovered, in early 2017, it was still a mystery how long the malware had been running around infecting Macs and who was behind it.

After it was initially discovered, it took months of painstaking investigation for the FBI to find and arrest the creator, 28-year-old Phillip Durachinsky. He had been using it for 14 years, and it had gone undetected by antivirus software all of that time.

What is Fruitfly?

The original disturbing discovery - at Case Western Reserve University - found that Macs infected with Fruitfly were at risk of having files and data stolen, keystrokes copied (giving hackers access to emails and bank accounts), and Mac users could be spied on through the camera and microphones. Fruitfly could effectively take over a Mac, capturing screenshots and even accessing other devices on the same network.

Although said to be relatively unsophisticated, it was designed to alert those behind it to when a user was active. With the features this malware had, investigators were surprised that ransomware wasn’t included in this particularly nasty infection.

Apple released a patch in January 2017. Unfortunately, this didn’t immediately solve the problem. New versions emerged, and it took the FBI, security specialists and Apple to uncover the source and prevent new versions from appearing and infecting Macs. When the malware was uncovered, it seemed as though the command and control server had been abandoned, although that is likely a result of FBI intervention.

The total number of infected Macs is still unknown. It probably numbers in the thousands, or many more. That is perhaps unsurprising, considering that the Fruitfly Mac malware (also known as Quimitchin by some anti-virus providers) was in operation for 14 years. Mac users became infected through links and emails. The FBI stated in a flash alert that:

“The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches.”

To put it simply: hackers were using a process known as port scanning to identify Macs with weak or no passwords, then sneaking the malware in.
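To see whether a Mac offers any of the services named in the alert to the network, you can check which of them are listening on a non-loopback address. The following is an added example, not part of the original article or of any vendor tool: it parses the output of `lsof -nP -iTCP -sTCP:LISTEN`, and the function names, the RDP and VNC port numbers (standard defaults not given in the alert) and the sample output are assumptions or constructed for illustration.

```python
import re

# Default TCP ports for services named in the FBI alert. The alert gives the
# numbers for AFP and SSH; 3389 (RDP) and 5900 (VNC / Screen Sharing) are the
# standard defaults, added here as an assumption.
WATCHED_PORTS = {22: "SSH", 548: "AFP", 3389: "RDP", 5900: "VNC"}

# One listening TCP socket as printed by `lsof -nP -iTCP -sTCP:LISTEN`.
LISTEN_LINE = re.compile(
    r"^(?P<cmd>\S+)\s+\d+\s.*\sTCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)\s*$"
)

# Constructed sample output (not captured from a real machine).
SAMPLE = """\
COMMAND   PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   10u IPv4 0x01   0t0      TCP  *:22 (LISTEN)
launchd     1 root   11u IPv6 0x02   0t0      TCP  *:22 (LISTEN)
launchd     1 root   12u IPv6 0x03   0t0      TCP  *:548 (LISTEN)
launchd     1 root   13u IPv4 0x04   0t0      TCP  127.0.0.1:5900 (LISTEN)
rapportd  501 alice   3u IPv4 0x05   0t0      TCP  *:49152 (LISTEN)
"""

def is_loopback(addr):
    """True for sockets that are only reachable from the Mac itself."""
    return addr.startswith("127.") or addr == "[::1]"

def exposed_services(lsof_text):
    """Return (service, port, address, command) for every watched port that
    is listening on a wildcard or other non-loopback address."""
    findings = set()  # a set collapses the IPv4/IPv6 pair of one listener
    for line in lsof_text.splitlines():
        m = LISTEN_LINE.match(line)
        if not m:
            continue  # header line or unrelated output
        port, addr = int(m.group("port")), m.group("addr")
        if port in WATCHED_PORTS and not is_loopback(addr):
            findings.add((WATCHED_PORTS[port], port, addr, m.group("cmd")))
    return sorted(findings, key=lambda f: (f[1], f[2]))

if __name__ == "__main__":
    for service, port, addr, cmd in exposed_services(SAMPLE):
        print(f"{service} is listening on {addr}:{port} ({cmd})")
```

Any service reported here that you do not use can be switched off in the Sharing settings; one you do need should have a strong, unique password. The check does not cover Back to My Mac or whether a router forwards these ports from the internet.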

Court documents show that the creator, Durachinsky, was mainly interested in collecting explicit images of Mac users, including many of children. He faces 13 criminal indictments and the trial is proceeding through the U.S. criminal justice system.

Anyone reading this can agree that, as is the case with any type of malware, spyware or ransomware, Fruitfly is not something you want on your Mac.

How to remove Fruitfly?

Since Fruitfly was uncovered, Apple and antivirus software companies have been working hard to block and eliminate the problem. However, if your Mac has already been infected, it needs to be removed since any new security patches and macOS updates won’t eliminate something that is already on your Mac.

Removing Fruitfly manually isn’t easy. Removing any kind of malware is, by its very nature, difficult. You can’t just search for it on your Mac and find it sitting there, labeled, waiting for you to put it in the Trash. Malware is hidden, and this particularly nasty computer virus managed to stay hidden for 14 years.

Removing Fruitfly using a malware scanner or anti-virus software is, unfortunately, no guarantee of success either. Not all of them can detect it, although many more have caught up on how to rid computers and Macs of the malware since it was first uncovered in January 2017. If you have antivirus software, it is worth scanning to see if you are infected and to remove it.

If Fruitfly doesn't show up using an antivirus scan, it doesn't mean your Mac is safe.

To make sure, download CleanMyMac X and use the Malware Removal tool.


CleanMyMac X will scan for all known malware infections, including Fruitfly. Once the scan is complete, it will show you what is lurking inside your Mac. Click Remove, then all of those threats will disappear for good.

It is worth doing a malware and threat scan every few months, or whenever you aren't sure whether your Mac is performing at its best. It’s impossible to know if our Macs are safe with so many forms of malware around.
