Malware Dev Charged with Spying on "Thousands" of Users for 13 Years | Tripwire

Malware Dev Charged with Spying on "Thousands" of Users for 13 Years

Posted on January 11, 2018
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years.
durachinsky.jpg
Phillip R. Durachinsky (Source: Cleveland Scene) An indictment filed with the U.S. District Court for the the Northern District of Ohio (Eastern Division) asserts Phillip R. Durachinsky, 28, of North Royalton Ohio masterminded a scheme by which he accessed protected computers without their owners' consent. When he was just a teenager, Durachinsky allegedly created "Fruitfly," Mac-based malware which is capable of taking screenshots and obtaining access to infected computers' webcams. The Ohio resident supposedly installed Fruitfly on "thousands of computers" between 2003 and 20 January 2017. With the help of a control panel for the malware, he then manipulated those machines to view live images and save data. The court document elaborates on one such perverse application of Fruitfly in particular:
"In certain cases, the Fruitfly malware alerted Defendant if a user of an infected computer typed certain words associated with pornography. Defendant used the Fruitfly malware to watch and listen to Fruitfly victims without their knowledge or permission. He saved millions of images and regularly kept detailed notes of what he observed."
Durachinsky is believed to have also downloaded victims' personal information, misused stolen login credentials to access protected web accounts, and committed wire fraud. Malwarebytes discovered Fruitfly's "extremely simplistic" first variant back in January 2017. A patch from Apple against the threat followed shortly thereafter. Even so, security researcher Patrick Wardle came across a sophisticated second variant that was sending victims' stolen information to backup servers. He decided to register one of these domains and fire up a command-and-control (C&C) server to gain some insight into how the malware was behaving. When he did, he received information on 400 Mac users primarily living in the United States and Canada who had fallen victim to Fruitfly.
1500898918213-fruitfly-768x381.jpeg
A partial list of FruitFly victims. (Source: Patrick Wardle) Wardle, who informed the FBI about his discovery and handed over everything he had learned about the malware to investigators, told ZDNet that Fruitfly should serve as a warning to Mac users:
"Computers can so easily be turned into spying devices, and normally people don't worry too much – they say, 'the Russians' or 'the NSA,' and think that they don't have anything to hide. But it's really important [to know] that there are other, very perverse people out there who're trying to accomplish the same goal."
With that said, macOS users should take just as many precautions as Window users in avoiding suspicious links and email attachments, maintaining an up-to-date anti-virus solution on their computers, and regularly updating their installed software. News of this indictment follows less than a year after the Russian author of the notorious Citadel malware, which infected over 11 million PCs and stole an astonishing $500 million from bank accounts, pleaded guilty to his crimes.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!