Register to stream ATT&CKcon 2.0 October 29-30

FruitFly

FruitFly is designed to spy on mac users [1].

ID: S0277
Type: MALWARE
Platforms: macOS
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1083 File and Directory Discovery FruitFly looks for specific files and file types. [1]
Enterprise T1107 File Deletion FruitFly will delete files on the system. [1]
Enterprise T1158 Hidden Files and Directories FruitFly saves itself with a leading "." to make it a hidden file. [1]
Enterprise T1159 Launch Agent FruitFly persists via a Launch Agent. [1]
Enterprise T1027 Obfuscated Files or Information FruitFly executes and stores obfuscated Perl scripts. [1]
Enterprise T1057 Process Discovery FruitFly has the ability to list processes on the system. [1]
Enterprise T1113 Screen Capture FruitFly takes screenshots of the user's desktop. [1]

References