Currently viewing ATT&CK v8.2, which was live between October 27, 2020 and April 28, 2021.

FruitFly

FruitFly is designed to spy on Mac users.[1]

ID: S0277
Type: MALWARE
Platforms: macOS
Version: 1.1
Created: 17 October 2018
Last Modified: 30 March 2020

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1543.001 | Create or Modify System Process: Launch Agent | FruitFly persists via a Launch Agent.[1] |
| Enterprise | T1083 | File and Directory Discovery | FruitFly looks for specific files and file types.[1] |
| Enterprise | T1564.001 | Hide Artifacts: Hidden Files and Directories | FruitFly saves itself with a leading "." to make it a hidden file.[1] |
| Enterprise | T1070.004 | Indicator Removal on Host: File Deletion | FruitFly will delete files on the system.[1] |
| Enterprise | T1027 | Obfuscated Files or Information | FruitFly executes and stores obfuscated Perl scripts.[1] |
| Enterprise | T1057 | Process Discovery | FruitFly has the ability to list processes on the system.[1] |
| Enterprise | T1113 | Screen Capture | FruitFly takes screenshots of the user's desktop.[1] |
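
The Launch Agent (T1543.001) and hidden-file (T1564.001) entries above combine into a simple triage check. The following is an added example, not part of the ATT&CK entry: it flags Launch Agent plists whose `Program` or `ProgramArguments` reference a dot-prefixed path. The heuristic, the function names and the sample plists are assumptions constructed for illustration, not FruitFly indicators.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Constructed sample Launch Agent plists; labels and paths are placeholders,
# not real FruitFly artifacts.
SAMPLES = {
    "com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater",
        "ProgramArguments": ["/Users/alice/.example-client"],
        "RunAtLoad": True}),
    "com.example.script.plist": plistlib.dumps({
        "Label": "com.example.script",
        "ProgramArguments": ["/usr/bin/perl", "/Users/alice/Library/.cache/job"]}),
    "com.example.sync.plist": plistlib.dumps({
        "Label": "com.example.sync",
        "Program": "/Applications/Sync.app/Contents/MacOS/sync"}),
    "com.example.broken.plist": b"not a plist",
}

def hidden_paths(plist_bytes):
    """Return path-like launch arguments with a dot-prefixed component,
    or None when the data is not a parseable plist dictionary."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:  # malformed XML or unrecognised plist format
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    # Check the interpreter/binary and every argument: a script path may follow it.
    candidates = [job.get("Program")] + (args if isinstance(args, list) else [])
    hits = []
    for arg in candidates:
        if isinstance(arg, str) and arg.startswith(("/", "~")):
            parts = PurePosixPath(arg).parts
            if any(p.startswith(".") and p not in (".", "..") for p in parts):
                hits.append(arg)
    return hits

def scan(plists):
    """Map plist name -> hidden paths; unparseable plists map to None for review."""
    results = {name: hidden_paths(data) for name, data in plists.items()}
    return {name: hits for name, hits in results.items() if hits is None or hits}

def read_dir(directory):
    """Load *.plist files from a Launch Agent directory for scan()."""
    return {p.name: p.read_bytes() for p in Path(directory).expanduser().glob("*.plist")}

if __name__ == "__main__":
    for name, hits in sorted(scan(SAMPLES).items()):
        print(name, "UNPARSEABLE" if hits is None else hits)
```

On a Mac, `scan(read_dir("~/Library/LaunchAgents"))` applies the same check to the per-user agents. Hits are leads to review, since legitimate software also keeps files under dot-directories.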

References