Does F-Secure SAFE protect against Fruitfly virus

There is a new Mac virus called FruitFly (http://money.cnn.com/2017/07/24/technology/mac-fruitfly-malware-spying/index.html?iid=ob_homepage_tech_pool).

 

Does F-Secure SAFE protect against this one?

Comments

  • UkkoUkko Posts: 3,184 Superuser

    Hello,

     

    Good if there will be official response from F-Secure Teams/Staff;

     

    But just as temporary suggestion:

     

    --> Based on "signature"-based detections.... F-Secure should detect something (at least) which called as: Trojan.MAC.Fruitfly.A; Trojan.MAC.Fruitfly.B;

     

    - First one added on Februrary: https://www.f-secure.com/dbtracker/Aquarius/2017-02-04_11.html

    - Second one added on June: https://www.f-secure.com/dbtracker/Aquarius/2017-06-06_10.html

     

    This is most likely kind of "signature" (or kind of fuzzy hashes) -- so maybe your noted article about something else (since it noted 'FruitFly2' and most of articles created with some of recent days);

     

    And also F-Secure SAFE with most of platforms -> used multi-layers design; So, protection can be not only as "detection", but also prevention or detection by other steps; I not friendly with Mac-platform - so.. not sure about certain options;


    Also I able to think that there can be a lot of limitations. And some of certain variants can be undetected; Because it "unknown yet";

    Just because something as backdoor/Fruitfly for Mac was described on January ... but was available/active some years before. Not sure about this certain software/trick/malware, but basically.. this is something which can be with design of high-quality malicious software;

     

    Thanks.

     

    // also one of website's articles have URL to virustotal.com; about "sample" of this recent Mac malware (?!); https://www.virustotal.com/en/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/analysis/

    There visible that on current day - F-Secure also detect it (as most of other companies); Even with some of first months (of "virustotal" upload) - not detect;

This discussion has been closed.