Malwarebytes reports that the malware looks as though its primary intention is to grab screenshots and gain webcam access. The script also executes a secondary script and Java class with the ability to hide its icon from showing in the macOS Dock. The malware was discovered when an IT administrator noticed irregular outgoing network activity from a specific Mac.Ĭontaining just two files, the malware uses a hidden script to communicate back to servers, take screenshots on both Mac and Linux, and grab the system’s uptime. Some of the code even shows signs of potentially running on Linux, leading the team to believe that the malware may have had or has a form of it on that operating system as well. The malware, which Malwarebytes’ software detects as ‘’, contains code that dates before OS X. It has reportedly been used in targeted attacks at biomedical research institutions. The Fruitfly malware has been using antiquated code to help it run undetected for quite some time on macOS systems. The team over at Malwarebytes has recently discovered what they’re calling “the first Mac malware of 2017”.