Does F-Secure SAFE protect against Fruitfly virus

Scholar

Does F-Secure SAFE protect against Fruitfly virus

There is a new Mac virus called FruitFly (http://money.cnn.com/2017/07/24/technology/mac-fruitfly-malware-spying/index.html?iid=ob_homepage_te...).

 

Does F-Secure SAFE protect against this one?

1 REPLY 1
Superuser

Re: Does F-Secure SAFE protect against Fruitfly virus

Hello,

 

Good if there will be official response from F-Secure Teams/Staff;

 

But just as temporary suggestion:

 

--> Based on "signature"-based detections.... F-Secure should detect something (at least) which called as: Trojan.MAC.Fruitfly.A; Trojan.MAC.Fruitfly.B;

 

- First one added on Februrary: https://www.f-secure.com/dbtracker/Aquarius/2017-02-04_11.html

- Second one added on June: https://www.f-secure.com/dbtracker/Aquarius/2017-06-06_10.html

 

This is most likely kind of "signature" (or kind of fuzzy hashes) -- so maybe your noted article about something else (since it noted 'FruitFly2' and most of articles created with some of recent days);

 

And also F-Secure SAFE with most of platforms -> used multi-layers design; So, protection can be not only as "detection", but also prevention or detection by other steps; I not friendly with Mac-platform - so.. not sure about certain options;


Also I able to think that there can be a lot of limitations. And some of certain variants can be undetected; Because it "unknown yet";

Just because something as backdoor/Fruitfly for Mac was described on January ... but was available/active some years before. Not sure about this certain software/trick/malware, but basically.. this is something which can be with design of high-quality malicious software;

 

Thanks.

 

// also one of website's articles have URL to virustotal.com; about "sample" of this recent Mac malware (?!); https://www.virustotal.com/en/file/befa9bfe488244c64db096522b4fad73fc01ea8c4cd0323f1cbdee81ba008271/...

There visible that on current day - F-Secure also detect it (as most of other companies); Even with some of first months (of "virustotal" upload) - not detect;