Free Republic

Man Charged Over Super Creepy Apple Mac Spyware That Snooped On Victims Via Webcams
Forbes | January 10, 2018 | By Thomas Fox-Brewster, FORBES STAFF

Posted on 01/11/2018 2:11:23 AM PST by Swordmaker

Earlier this year Forbes reported on an especially creepy strain of malware known as FruitFly targeting Apple Macs. At the time, it was unclear just what the spy tool was for, though it appeared to be used for surveilling people's personal Macs, in particular peeping at them through their webcam.

Now the U.S. Department of Justice has unveiled an indictment against 28-year-old North Royalton, Ohio, resident Phillip Durachinsky, who is not only accused of spying on Apple Mac owners via Fruitfly but also of producing child pornography. Prosecutors alleged Durachinsky had been installing spyware on people's PCs for more than 13 years "in order to watch, listen to and obtain personal data from unknowing victims."

Whilst his malicious tools found their way into individuals' computers, they also infiltrated PCs at companies, schools, a police department and the government, including a body owned by a subsidiary of the U.S. Department of Energy, according to the charges. FruitFly was capable of stealing files, pilfering passwords, as well as turning on the microphone and the camera. Thousands of PCs were infected, prosecutors said.

(Excerpt) Read more at forbes.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; applepinglist; fruitfly; mac; malware; spying; spyware
It seems that FruitFly was also written for Windows PCs as well and likely originated on that platform. The evidence is that the author of FruitFly, an INTEL architecture based code exploit, has been using FruitFly for 13 years, yet Apple Macs were switched from PowerPC architecture base only 10 years ago. The earliest appearance of the FruitFly Code in a Mac library has been traced to a Mac running OSX.9 Mavericks which was first released September 2013, so it could have been infected at any time after that. (Note, however, that the code is extremely simple, consisting of just two lines, and can run on any Mac with an Intel processor and a built-in camera.) The implications are that FruitFly has been doing its malicious spying in the Windows PC world longer than in the Mac world.

Note, FRUITFLY was spread by two vectors: (1) a Trojan horse program using social engineering to get the user to download it and install it himself usually disguised as some useful utility or game, and (2) physical access to the target computer where the bad guy installs it.

As reported back in January 2017 when first identified, on Macs, FruitFly was found in very limited locations mostly related to biological research. Very few FruitFly malware were ever found in Macs belonging to private individuals or schools, etc., although there were some, but even then they were peripherally related to employees and families of the primary locations. FruitFly seemed to be very targeted to research in biochemical, genetics, and pharmaceuticals, hence the name "FruitFly."

Once FruitFly was discovered and its signature was identified, FruitFly was added to the library of malware that Apple’s MacOS built-in anti malware protections will identify and warn the user about before it can be downloaded, installed, or run, requiring an administrator’s name and password to continue with each of those steps. It takes an industrial strength stupid user to get infected with such a malware; the user has to not only ignore the clear warnings alerting him he is going to be infecting his computer with malware, he has to ACTIVELY ALLOW IT BY GIVING AN ADMINISTRATOR’S NAME AND PASSWORD THREE TIMES!

1 posted on 01/11/2018 2:11:23 AM PST by Swordmaker

To: dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ...
FruitFly Mac malware back in the news as man is charged for using it to spy on people. . . and for child pornography. One interesting thing is that FruitFly has turned out to be a Windows PC malware too! In fact, perhaps it was Windows malware before it ever was Mac malware as this guy was using it for 13 years. It’s an Intel architecture based code, and Apple Macs only switched to Intel ten years ago. Also the earliest known Mac version is for only a four year old OSX Mavericks Mac. — PING!


FruitFly Malware Turns Out to Be Switch Hitter
Both Windows PC and Mac
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

2 posted on 01/11/2018 2:24:13 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

Incidentally, all records indicate there have been approximately 400 Macs hit by FruitFly. . . at least that was the number that Malwarebytes found reporting to the FruitFly home server this guy had set up. Most of these were in the US. He later abandoned that server and Malwarebytes could see no evidence of efforts of the FruitFly creator to monetize the malware. For example no advertising, hijacking, or ransomware were installed on the targeted computers. It was theorized industrial espionage and/or perverse spying were possible motives by a single individual.

The article mentions “thousands” of computers, but that has not been reported in the tech Press as far as Macs are concerned. I’m wondering since they’ve gone back further and are now reporting the Windows PC involvement if the discrepancy has to do with those machines?


3 posted on 01/11/2018 2:42:37 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

To: SunkenCiv

Thanks for the heads up!


4 posted on 01/11/2018 2:43:32 AM PST by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

To: Swordmaker

Tape over the camera here...


5 posted on 01/11/2018 3:56:48 AM PST by null and void (Delusionals vs Deplorables. Guess who wins?)

To: Swordmaker

Meanwhile, another GOP governor bites the dust:

https://nypost.com/2018/01/11/cheating-governor-accused-of-blackmailing-mistress-with-racy-pic/


6 posted on 01/11/2018 4:31:19 AM PST by 9YearLurker

To: null and void

“Tape over the camera here...”..

Same here.


7 posted on 01/11/2018 4:44:35 AM PST by DaveA37

To: Swordmaker

The only foolproof defense is your nifty Intel inside sticker or electric tape over the lens.


8 posted on 01/11/2018 5:06:10 AM PST by ImJustAnotherOkie

To: DaveA37
“Tape over the camera here...”.. Same here.

I have an old Mac webcam for an old Mac monitor, you rotate the lens and a cover closes over the lens. Ahead of its time. Too bad they don't build sliding covers into monitors that will allow you to cover the lens. As for us, we use post-it notes pasted over the lens, remove it as needed for video chats.

9 posted on 01/11/2018 1:57:50 PM PST by roadcat
