FruitFly

FruitFly is designed to spy on mac users [1].

ID: S0277
Aliases: FruitFly
Type: MALWARE
Platforms: macOS

Version: 1.0

Alias Descriptions

NameDescription
FruitFly[1].

Techniques Used

DomainIDNameUse
EnterpriseT1083File and Directory DiscoveryFruitFly looks for specific files and file types.[1]
EnterpriseT1107File DeletionFruitFly will delete files on the system.[1]
EnterpriseT1158Hidden Files and DirectoriesFruitFly saves itself with a leading "." to make it a hidden file.[1]
EnterpriseT1159Launch AgentFruitFly persists via a Launch Agent.[1]
EnterpriseT1027Obfuscated Files or InformationFruitFly executes and stores obfuscated Perl scripts.[1]
EnterpriseT1057Process DiscoveryFruitFly has the ability to list processes on the system.[1]
EnterpriseT1113Screen CaptureFruitFly takes screenshots of the user's desktop.[1]

References