The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years.

Phillip R. Durachinsky (Source: Cleveland Scene)

An indictment filed with the U.S. District Court for the Northern District of Ohio (Eastern Division) asserts that Phillip R. Durachinsky, 28, of North Royalton, Ohio, masterminded a scheme by which he accessed protected computers without their owners’ consent.

When he was just a teenager, Durachinsky allegedly created “Fruitfly,” Mac-based malware that is capable of taking screenshots and accessing infected computers’ webcams.

The Ohio resident supposedly installed Fruitfly on “thousands of computers” between 2003 and 20 January 2017. With the help of a control panel for the malware, he then manipulated those machines to view live images and save data.

The court document elaborates on one such perverse application of Fruitfly in particular:

“In certain cases, the Fruitfly malware alerted Defendant if a user of an infected computer typed certain words associated with pornography. Defendant used the Fruitfly malware to watch and listen to Fruitfly victims without their knowledge or permission. He saved millions of images and regularly kept detailed notes of what he observed.”

Durachinsky is believed to have also downloaded victims’ personal information, misused stolen login credentials to access protected web accounts, and committed wire fraud.

Malwarebytes discovered Fruitfly’s “extremely simplistic” first variant back in January 2017. A patch from Apple against the threat followed shortly thereafter.

Even so, security researcher Patrick Wardle came across a sophisticated second variant that was sending victims’ stolen information to backup servers. He decided to register one of these domains and fire up a command-and-control (C&C) server to gain some insight into how the malware was behaving. When he did, he received information on 400 Mac users primarily living in…