How do I get rid of FruitFly malware

Hello ck525,

None of that is incorrect. 400 is the only number that has been reported so far. Wardle is scheduled to present a talk about this malware tomorrow. I think if the actual number were much higher than that, he would have probably raised a bigger stink about it. He is very good at publicity 🙂. But I think he accurately assesses the risk of this particular malware to be merely Powerpoint-worthy.

You most certainly shouldn't trust popular media with technical information - not ever - not for security nor for any other technical information. The article may rely on good research and reliable sources, but I can guarantee they will scramble pretty much all of that before they feed it to you. It is like healthy food. The closer to the farm you get it, the higher the quality. Major media is like pre-chewed food.

I don't think anyone was being condescending. It is just frustration and exasperation. There are huge problems these days with adware, scamware, fake security software, tech support scams, etc. People fall for those constantly and then come here to ask for help to fix it. But one report on CNN about a simplistic malware that no one happened to notice and people are all worried about it. There is LOTS to be worried about, you won't read anything about those real threats on CNN.

if you are one of or concerned you may be one of the 400 or "possible more" Mac owners infected with this malware which Wardle has reported and already stated, the threat is likely naturalized Mac owners may expect additional information when Wardel speaks in Las Vegas on July 26, 2017 on the subject then the best advice is backup, format your drive and reinstall the OS from the original disks, disks provided by Apple or by Recovery or Internet Recovery.

which should eradicate any code or variant of this code from your computer.

"Get rid of"?

This is an old malware that infecteced perhaps 400 Macs in the entire world and has been patched by Apple already. It also required compromizing other aspects of Mac and Apple ID security systems before it could even have been installed.

The chances of you having it installed are as close to zero as it gets.

In general, if you suspect malware or adware, download and install Malwarebytes.

Malwarebytes | Malwarebytes Anti-Malware for Mac

Chances of having the virus might be slim, but it is believed that there are many more infected than we know. From CNNMoney (http://money.cnn.com/2017/07/24/technology/mac-fruitfly-malware-spying/index.htm l):

"Wardle says there are multiple strains of FruitFly. The malware has the same spying techniques,but the code is different on each strain. After months of analyzing the new strain, Wardle decrypted parts of the code and set up a server to intercept traffic from infected computers. "Immediately, tons of victims that had been infected with this malware started connecting to me," said Wardle, adding he could see about 400 infected computer names and IP addresses.

He believes this reflects only a small subset of infected users."

Never take computer advice from mainstream news outlets as a reliable source of information regarding malware, adware or virus information especially when it's directed at Macintosh. They are often wildly inaccurate or present inflated cases to legitimize their false claims. There are a handful of trustworthy sources for accurate info regarding these and other instances of securities information. CNN, FOX, MSNBC, etc consistently get it wrong or make a tidal wave where there was a splash.

Well, then, please enlighten me as to the names of these "handful of trustworthy sources." The source mentioned in the CNNMoney article was Patrick Wardle, Chief Security Researcher of Synack, who seems to have two masters degrees in Computer Science and Security Informatics from Johns Hopkins.

The reports are true but as had been noted it was not very widespread. When there are articles on sites like CNN they tend to create a great deal of hype because CNN has such great reach. That's not to impune Patrick Wardle or anyone else.

If you are worried Bob Harris has given you the solution and that is to run Malwarebytes, also quoted in the CNN article.

Thanks, macjack, for the very reasonable and nicely worded response. I'm not personally worried about the virus, but I do take issue with the condescending way in which Rysk responded to the original question. Rysk wrongly indicated that only 400 computers were infected, when, in fact, it is unknown how many others are affected. And then JimmyCMPIT jumped in and implied that CNN, FOX, and MSNBC are "never" to be trusted for information of this sort. In fact, the CNN article I first referenced was reasoned, researched, and used reliable sources for information and commentary. No where in the article did it say the virus was widespread, but Rysk's reply was just wrong and condescending to the original poster's inquiry.

That's nice, because there is no historical evidence that mainstream news would mis-represent, or offer an incomplete story or come to their own conclusion that was never offered by an expert. So if you trust that then by all means run with that ball.

However in light of the other articles Google News posted a two year old link from Thomas Reed who is a contributor to this forum and the developer of Malwarebytes for Mac on this very subject, which pointed to the suggestion made here to run that software and if this code or a variant of it is detected, it can be removed with the software twice suggested on this thread.

I am adding it for a third nomination as well; even if your system was not compromised by anything and you just want to check.

www.malwarebytes.com

Thanks. I will run with that ball, because the CNN article DID NOT come to it's own conclusion. It directly quoted an expert who said that the 400 known infected computers "reflects only a small subset of infected users." Disparaging major news outlets as being unreliable sources when they directly quote an expert is just flat out misleading.

ck525 wrote:

but I do take issue with the condescending way in which Rysk responded to the original question.

I think it's important to keep in mind that people participating in these forums come from a very wide range of cultural, linguistic and educational backgrounds. Assuming that someone intended to be condescending (or anything else negative) may be just that, an assumption. I find my experience on line is pleasanter when I manage to assume that people have good intentions and ignore what the tone appears to be. I do fail sometimes. But, as Rysk didn't say, "Get rid of what, you dimwit?", perhaps the benefit of the doubt is in order?

Best of luck.

Thanks, IdrisSeabright. But based on his many other posts, I'm pretty sure Rysk had an implied "dimwit" in there. Past posts reveal complete disdain in responses to newbies. Many of his replies are straight up business-like, which is OK...no pleasantries are needed in this forum. Other replies are quite condescending.

ck525 wrote:

Thanks, IdrisSeabright. But based on his many other posts, I'm pretty sure Rysk had an implied "dimwit" in there. Past posts reveal complete disdain in responses to newbies. Many of his replies are straight up business-like, which is OK...no pleasantries are needed in this forum. Other replies are quite condescending.

What we infer and what people intended are quite often too different things. Ignore tone, take the useful advice and move on.

I didn't read the CNN article, but I did read the original source. Fruitfly2 appears to be targeting pharmaceutical research facilities, and it is suspected that its purpose is corporate espionage. So the probability that you are infected is very small unless you are a microbiologist.

Lawrence Finch wrote:

I didn't read the CNN article, but I did read the original source. Fruitfly2 appears to be targeting pharmaceutical research facilities, and it is suspected that its purpose is corporate espionage. So the probability that you are infected is very small unless you are a microbiologist.

Hopefully, whoever's doing it doesn't care about tiny, primarily undergraduate universities doing pharma research.