Malwarebytes detects Fruitfly as “OSX.Backdoor.Quimitchin” and points out that some of the malware’s code actually predates OS X itself. The report adds that parts of the code show signs of having been written to run on Linux as well. The malware was first noticed by an IT administrator who spotted an unusual volume of outgoing network traffic from one particular Mac.
“Another clue, of course, is the age of some of the code, which could potentially suggest that this malware goes back decades. However, we shouldn’t take the age of the code as too strong an indication of the age of the malware. This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation. It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.
Ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent. This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”

The researchers who reverse-engineered the malware found comments in the code suggesting it has been active for quite some time, at least since OS X Yosemite (released in 2014). It may have gone unnoticed for so long because it was present on only a very small number of machines; had it been more widespread, it would likely have been noticed and reported much sooner.
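The persistence mechanism the report describes (a launch agent whose program lives in a hidden file) is exactly what a quick triage check should look for. The script below is an added example, not code from Malwarebytes or from the original article: it parses the launchd property lists in the standard LaunchAgents and LaunchDaemons directories with Python’s standard-library plistlib and flags any job whose executable path contains a dot-prefixed (hidden) component. The two plists it writes to a temporary directory for the demonstration are constructed; their labels and paths are made up and are not Fruitfly’s actual file names.

```python
"""Flag launchd jobs whose program lives in a hidden file or directory.

Added example, not from the Malwarebytes report. The report says Fruitfly
persists via "a hidden file and a launch agent", so the check is: parse every
.plist launchd reads and report jobs whose Program / ProgramArguments[0]
has a dot-prefixed path component. Sample plists below are constructed.
"""
import os
import plistlib
import tempfile
from pathlib import Path
from typing import List, Optional

# Directories launchd reads on macOS (system-wide plus the per-user one).
LAUNCH_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]


def job_program(job: dict) -> Optional[str]:
    """Return the executable a launchd job runs (Program, else ProgramArguments[0])."""
    if "Program" in job:
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args:
        return args[0]
    return None


def is_hidden_path(path: str) -> bool:
    """True if any component of the (tilde-expanded) path starts with a dot."""
    expanded = os.path.expanduser(path)
    return any(part.startswith(".") and part not in (".", "..")
               for part in Path(expanded).parts)


def scan_launch_dir(directory: str) -> List[dict]:
    """Parse every .plist in directory; report jobs that run a hidden program."""
    findings = []
    d = Path(directory)
    if not d.is_dir():
        return findings
    for plist_path in sorted(d.glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                job = plistlib.load(fh)
        except Exception as exc:  # a malformed plist in these dirs is worth a look too
            findings.append({"plist": str(plist_path), "label": None,
                             "program": None, "reason": f"unparseable: {exc}"})
            continue
        program = job_program(job)
        if program and is_hidden_path(program):
            findings.append({
                "plist": str(plist_path),
                "label": job.get("Label"),
                "program": program,
                "reason": "program path contains a hidden component",
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "keep_alive": bool(job.get("KeepAlive", False)),
            })
    return findings


def demo() -> List[dict]:
    """Write two constructed plists to a temp dir and scan it (names are hypothetical)."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = {"Label": "com.example.updater",
                  "ProgramArguments": ["/usr/local/bin/updater", "--check"],
                  "RunAtLoad": True}
        suspicious = {"Label": "com.example.client",   # constructed, not a real Fruitfly label
                      "ProgramArguments": ["/Users/demo/.client", "-d"],
                      "RunAtLoad": True, "KeepAlive": True}
        for name, job in (("com.example.updater.plist", benign),
                          ("com.example.client.plist", suspicious)):
            with open(os.path.join(tmp, name), "wb") as fh:
                plistlib.dump(job, fh)
        return scan_launch_dir(tmp)


if __name__ == "__main__":
    for launch_dir in LAUNCH_DIRS:        # live scan of the local machine
        for finding in scan_launch_dir(launch_dir):
            print(finding)
    print(demo())                         # the constructed demo: one hit expected
```

Run on a Mac, the live scan only flags jobs whose executable sits under a hidden path; that is a heuristic, not proof of infection, so each hit still needs a look at the binary and at what it talks to on the network.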
It’s very unlikely that your Mac at home has been infected with this malware, which Malwarebytes has dubbed OSX.Backdoor.Quimitchin after the Aztec spies known for infiltrating other tribes to gather information. That does not mean other malware can’t infect your machine, though, so always be wary of what you download.