In a talk from Offensive Malware Analysis, security researchers explain step by step how they dissected the OS X FruitFly backdoor by crafting their own command-and-control (C&C) server and letting the implant talk to it.
The video also explains how the FruitFly backdoor managed to stay under the radar for so long.
FruitFly, the first OS X/macOS malware of 2017, is a rather intriguing specimen. Selectively targeting biomedical research institutions, it is thought to have flown under the radar for many years.
It is interesting to see the researchers take this approach. Watching them dissect the FruitFly backdoor is all the more fun when you consider that it remained hidden for years. The C&C setup alone deserves a big hurrah.
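The core of the approach described above is a fake C&C server that accepts the implant's connection, logs everything it sends, and answers with whatever reply the analyst wants to test. The following is an added example of such a harness, written for this page; it is not the researchers' code and it assumes nothing about FruitFly's real protocol. The opcode-to-reply table (`b"\x01"`, `b"\x02"`) and the `talk()` stand-in for the implant are constructed placeholders so the harness can be exercised offline on localhost.

```python
import socket
import socketserver
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Response table: first byte of a client message selects the reply.
# ASSUMPTION: these opcodes are placeholders for the exercise; the page does not
# describe FruitFly's actual command set.
ResponseTable = Dict[bytes, bytes]


@dataclass
class Capture:
    """One inbound message from the implant and what the fake C&C answered."""
    peer: str
    received: bytes
    sent: Optional[bytes]


def choose_reply(table: ResponseTable, data: bytes) -> Optional[bytes]:
    """Pick a reply by the first byte; unknown opcodes get no reply but are still logged."""
    return table.get(data[:1])


class FakeC2(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr: Tuple[str, int], table: ResponseTable, captures: List[Capture]):
        super().__init__(addr, C2Handler)
        self.table = table
        self.captures = captures
        self.lock = threading.Lock()


class C2Handler(socketserver.BaseRequestHandler):
    server: FakeC2

    def handle(self) -> None:
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(4096)
        except socket.timeout:
            data = b""
        if not data:
            return
        reply = choose_reply(self.server.table, data)
        # Record before answering so the capture is visible as soon as the client sees the reply.
        with self.server.lock:
            self.server.captures.append(
                Capture(peer=f"{self.client_address[0]}:{self.client_address[1]}",
                        received=data, sent=reply))
        if reply is not None:
            self.request.sendall(reply)
        # Returning closes the connection; a silent close is itself a useful stimulus to observe.


def start_fake_c2(table: ResponseTable, host: str = "127.0.0.1", port: int = 0):
    """Start the fake C&C on a background thread; port 0 lets the OS pick a free port."""
    captures: List[Capture] = []
    server = FakeC2((host, port), table, captures)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, captures


def talk(host: str, port: int, payload: bytes) -> bytes:
    """Constructed stand-in for the implant: connect, send one message, return the reply (b'' if none)."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        s.sendall(payload)
        s.settimeout(2.0)
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


def hexdump(captures: List[Capture]) -> List[str]:
    """Render captures as one line each for a quick look at what the implant sent."""
    return [f"{c.peer} -> {c.received.hex()} <- {(c.sent or b'').hex()}" for c in captures]


if __name__ == "__main__":
    table = {b"\x01": b"\x00pong", b"\x02": b"\x00ack"}
    server, captures = start_fake_c2(table)
    host, port = server.server_address
    print(talk(host, port, b"\x01hello"))   # known opcode: gets the canned reply
    print(talk(host, port, b"\x09unknown")) # unknown opcode: logged, connection closed
    print("\n".join(hexdump(captures)))
    server.shutdown()
```

In practice the implant is pointed at the harness by redirecting its hard-coded C&C host (hosts file or DNS) to the analysis box, and the response table is grown as each observed message is understood.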