Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Man Charged with Spying on Thousands of Mac Users for Thirteen Years

January 18, 2018

Thirteen years of spying is a long run. As Naked Security reported on January 12th, the technical description of the "Fruitfly" malware is "spyware." But given the way it has allegedly been used, I agree that it might accurately be described as "creepware."

According to a 16-count indictment unsealed in the US District Court for the Northern District of Ohio, its alleged creator, Phillip R. Durachinsky, 28, used it to spy on thousands of victims for more than 13 years. Prosecutors say he spent this time not only collecting personal data but also watching and listening to victims through their webcams and microphones (that is very creepy), and using some of what he collected to produce child abuse imagery (that is beyond creepy – what a horror show).

Durachinsky, of North Royalton, Ohio, was charged with Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child abuse imagery, and aggravated identity theft.

According to the Department of Justice, the software enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user's keystrokes, and turning on the camera and microphone to surreptitiously record images and audio.

He used the malware to steal the personal data of victims, including their logon credentials, tax records, medical records, photographs, banking records, internet searches, and potentially embarrassing communications.

The indictment charges that while Durachinsky primarily used Fruitfly to infect Macs, he also wrote variants of Fruitfly that were capable of infecting computers running Windows.

The DOJ said he saved millions of images, kept detailed notes on what he observed, and designed it to alert him if a user typed words associated with pornography.

Perhaps the most amazing thing about Fruitfly is that it is both unsophisticated and relatively easy to find, yet according to the DOJ, Durachinsky was able to use it undetected from 2003 until January 2017, when he was arrested and jailed on another charge. He remains in custody.

So far, the initial infection vector has not been established. No exploit of a software vulnerability has been reported, so the likeliest explanation is social engineering: tricking victims into clicking malicious Web links or opening e-mail attachments. That matters for defenders, because no patch would have stopped it; only user caution and monitoring for the malware's behavior would have.

Prosecutors also asked the court to order that Durachinsky forfeit any property he derived from his 13-year campaign, which suggests they believe he profited from it, possibly by selling the images and data he acquired to others.

'Creepware' should enter the digital lexicon.

Hat tip to Dave Ries.
