Free Republic
Browse · Search
Topics · Post Article

Skip to comments.

Man Charged Over Super Creepy Apple Mac Spyware That Snooped On Victims Via Webcams
Forbes ^ | January 10, 2018 | By Thomas Fox-Brewster , FORBES STAFF

Posted on 01/11/2018 2:11:23 AM PST by Swordmaker

Earlier this year Forbes reported on an especially creepy strain of malware known as FruitFly targeting Apple Macs. At the time, it was unclear just what the spy tool was for, though it appeared to be used for surveilling people's personal Macs, in particular peeping at them through their webcam.

Now the U.S. Department of Justice has unveiled an indictment against 28-year-old North Royalton, Ohio, resident Phillip Durachinsky, who is not only accused of spying on Apple Mac owners via Fruitfly but also of producing child pornography. Prosecutors alleged Durachinsky had been installing spyware on people's PCs for more than 13 years "in order to watch, listen to and obtain personal data from unknowing victims."

Whilst his malicious tools found their way into individuals' computers, they also infiltrated PCs at companies, schools, a police department and the government, including a body owned by a subsidiary of the U.S. Department of Energy, according to the charges. FruitFly was capable of stealing files, pilfering passwords, as well as turning on the microphone and the camera. Thousands of PCs were infected, prosecutors said.

(Excerpt) Read more at ...

TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; applepinglist; fruitfly; mac; malware; spying; spyware
It seems that FruitFly was also written for Windows PCs as well and likely originated on that platform. The evidence is that the author of FruitFly, an INTEL architecture based code exploit, has been using FruitFly for 13 years, yet Apple Macs were switched from PowerPC architecture base only 10 years ago. The earliest appearance of the FruitFly Code in a Mac library has been traced to a Mac running OSX.9 Mavericks which was first released September 2013, so it could have been infected at anytime after that. (Note, however, that the code is extremely simple, consisting of just two lines, and can run on any Mac with an Intel processor and a built-in camera) The implications are that FruitFly has been doing its malicious spying in the Windows PC world longer than in the Mac world.

Note, FRUITFLY was spread by two vectors: (1) a Trojan horse program using social engineering to get the user to download it and install it himself usually disguised as some useful utility or game, and (2) physical access to the target computer where the bad guy installs it.

As reported back in January 2017 when first identified, on Macs, FruitFly was found in very limited locations mostly related to biological research. Very few FruitFly malware were ever found in Macs belonging to private individuals or schools, etc., although there were some, but even then they were peripherally related to employees and families of the primary locations. FruitFly seemed to be very targeted to research in biochemical, genetics, and pharmaceuticals, hence the name "FruitFly."

Once FruitFly was discovered and its signature was identified, FruitFly was added to the library of malware that Apple’s MacOS built-in anti malware protections will identify and warn the user about before it can be downloaded, installed, or run, requiring an administrator’s name and password to continue with each of those steps. It takes an industrial strength stupid user to get infected with such a malware; the user has to not only ignore the clear warnings alerting him he is going to be infecting his computer with malware, he has to ACTIVELY ALLOW IT BY GIVING AN ADMINISTRATOR’S NAME AND PASSWORD THREE TIMES!

1 posted on 01/11/2018 2:11:23 AM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ...
FruitFly Mac malware back in the news as man is charged for using it to spy on people. . . and for child pornography. One interesting thing is that FruitFly i has turned out to be a Windows PC malware too! In fact, perhaps it was Windows malware before it ever was Mac malware as this guy was using it for 13 years. It’s an Intel architecture based code, and Apple Macs only switched to Intel ten years ago. Also the earliest known Mac version is for only a four year old OSX Mavericks Mac. — PING!

FruitFly Malware Turns Out to Be Switch Hitter
Both Windows PC and Mac

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

2 posted on 01/11/2018 2:24:13 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

Incidentally, all records indicate there have been approximately 400 Macs hit by FruitFly. . . at least that was the number that Malwarebytes found reporting to the FruitFly home server this guy had setup. Most of these were in the US. He later abandoned that server and Malwarebytes could see no evidence of efforts of the FruitFly creator to monetize the malware. For example no advertising, hijacking, or ransomware were installed on the targeted computers. It was theorized industrial espionage and/or perverse spying were possible motives by a single individual.

The article mentions “thousands” of computers, but that has not been reported in the tech Press as far as Macs are concerned. I’m wondering since they’ve gone back further and are now reporting the Windows PC involvement if the discrepancy has to do with those machines?

3 posted on 01/11/2018 2:42:37 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SunkenCiv

Thanks for the heads up!

4 posted on 01/11/2018 2:43:32 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

Tape over the camera here...

5 posted on 01/11/2018 3:56:48 AM PST by null and void (Delusionals vs Deplorables. Guess who wins?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Meanwhile, another GOP governor bites the dust:

6 posted on 01/11/2018 4:31:19 AM PST by 9YearLurker
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

“Tape over the camera here...”..

Same here.

7 posted on 01/11/2018 4:44:35 AM PST by DaveA37
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker

The only foolproof defense is your nifty Intel inside sticker or electric tape over the lens.

8 posted on 01/11/2018 5:06:10 AM PST by ImJustAnotherOkie
[ Post Reply | Private Reply | To 1 | View Replies]

To: DaveA37
“Tape over the camera here...”.. Same here.

I have an old Mac webcam for an old Mac monitor, you rotate the lens and a cover closes over the lens. Ahead of its time. Too bad they don't build sliding covers into monitors that will allow you to cover the lens. As for us, we use post-it notes pasted over the lens, remove it as needed for video chats.

9 posted on 01/11/2018 1:57:50 PM PST by roadcat
[ Post Reply | Private Reply | To 7 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794 is powered by software copyright 2000-2008 John Robinson