The malware is a variant of Fruitfly, discovered back in January and blocked by a macOS update shortly afterwards.
Wardle found that this second variant has many of the spying capabilities of the first, but there is no indication that the malware is used to install ransomware or collect online banking credentials.
Wardle will be talking about the malware at Black Hat in Las Vegas later this week.
After discovering some backup domains hardcoded in it and ascertaining they were available, he registered one of them.
Within two days of his registering one of these addresses, almost 400 infected Macs connected to the server, mostly from homes located in the United States.
When the initial Fruitfly malware was detected, it connected to a command-and-control server.
The discovery of FruitFly reminds users that although Mac malware is considerably less widespread than Windows malware, it still exists.
Although Wardle did nothing more than observe the IP addresses and user names of Macs that connected to his server, he had the ability to use the malware to spy on the users who were unwittingly infected. Although the method of spreading the malware is still unknown, Wardle suspects it involves the user clicking on a malicious link. Wardle alleges that he's seen "about 400 individual cases" of the "FruitFly" malware so far; however, citing his limited access to "a handful of servers" upon which the malicious code is being hosted, he conceded that there could be many more cases. "If it's turning on the webcam, that's for perverse reasons".
Whether Apple knows about the issue remains unclear; when reached for comment by Forbes, the company did not respond. It's more likely that the attacker is someone who has been using the malware for his or her own "perverse" goals. And yet, for whatever reason, no one caught it until recently. From the early data gleaned from Wardle's research, it appears that 90% of the infected Macs are in the United States and that there are no obvious connections between users.