A computer programmer from Ohio was recently indicted on 16 charges involving developing and using spyware to exfiltrate sensitive user data, and producing child pornography.
Developed for MacOS devices, the FruitFly malware is believed to have been infecting thousands of victims for over 13 years. Although security experts estimate that it remained undetected for years, possibly because it relied on unsophisticated code, 28-year-old Phillip R. Durachinsky, who is believed to have developed the spyware, faces charges of Computer Fraud and Abuse Act violations, Wiretap Act violations, and identify theft, amongst others.
“Durachinsky is alleged from 2003 through Jan. 20, 2017, to have orchestrated a scheme to access thousands of protected computers owned by individuals, companies, schools, a police department, and the government, including one owned by a subsidiary of the U.S. Department of Energy,” reads the statement by the US Department of Justice. “He is alleged to have developed computer malware later named “Fruitfly” that he installed on computers and that enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user’s keystrokes, and turning on the camera and microphone to surreptitiously record images and audio.”
Since the charges are still allegations, Durachinsky is considered innocent until proven guilty. However, he is also accused of having used some stolen credentials to access information for other websites, potentially extending the range of collected personal information from victims.
“For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications,” said Acting Assistant Attorney General John Cronan. “This case is an example of the Justice Department’s continued efforts to hold accountable cybercriminals who invade the privacy of others and exploit technology for their own ends.”
The malware is believed to also be compatible with Linux-based systems, as it shares similarities with MacOS code. If that’s the case, the extent of Fruitfly’s surveillance capabilities could be far greater than authorities first believed.