FruitFly

FruitFly is designed to spy on Mac users.[1]

ID: S0277
Type: MALWARE
Platforms: macOS
Version: 1.2
Created: 17 October 2018
Last Modified: 22 March 2023

Techniques Used

Domain ID Name Use
Enterprise T1543.001 Create or Modify System Process: Launch Agent

FruitFly persists via a Launch Agent.[1]

Enterprise T1113 Screen Capture

FruitFly takes screenshots of the user's desktop.[1]

Enterprise T1083 File and Directory Discovery

FruitFly looks for specific files and file types.[1]

Enterprise T1027.010 Obfuscated Files or Information: Command Obfuscation

FruitFly executes and stores obfuscated Perl scripts.[1]

Enterprise T1070.004 Indicator Removal: File Deletion

FruitFly will delete files on the system.[1]

Enterprise T1057 Process Discovery

FruitFly has the ability to list processes on the system.[1]

Enterprise T1564.001 Hide Artifacts: Hidden Files and Directories

FruitFly saves itself with a leading "." to make it a hidden file.[1]

References