Tag Archives: Fruitfly

Ohio Man Indicted For Spying on People for 13 Years

NOTE: THE CONTENTS OF THIS POST MAY NOT BE SUITABLE FOR YOUNGER READERS.

A 28-year-old Ohio man has been indicted for creating and installing malware on hundreds of Apple Mac and Microsoft Windows computers.

The man, Phillip Durachinsky, used the software to spy on people.  This includes recording what the camera and microphone pick up in the same room as the computer.

In addition to capturing audio and video, the software that he created also stole passwords and used that to access third party sites.  He also used the software to steal tax, medical and banking records and also photos and private communications.

The 16-count federal indictment includes the production of child pornography, so it doesn’t take much to figure out that if your kid had a MacBook in the bedroom and it was infected, this guy may have captured video of your kids doing whatever and, apparently, while naked – something that doesn’t seem completely unexpected in a bedroom, but which you and your kids certainly do not expect.  People expect to be safe and secure in their bedroom.

The software alerted him when the user used certain search terms, such as pornography.  People who watch porn might be doing certain things while naked, hence the charge of producing child porn. Kind of boggles the mind.

As an indication of how deranged this guy is, he is alleged to have kept regular, detailed notes.

Durachinsky, who is 28 now, has been spying on people for the last 13 years, according to the feds, so he must have created this software when he was around 14 or 15.  If it weren’t so warped, the skill would be pretty impressive.

What has not been revealed yet is the total number of computers infected or the number of people affected.  It is also not clear how much video exists and if the video has been published or if he was keeping it for himself.  Given that he was charged with PRODUCING child porn and not with DISTRIBUTING child porn, you might conclude that he was not selling or giving away the video that he captured.

The researcher who found the software, called Fruitfly, discovered it on at least 400 Macs, so it looks like the software was not widespread.

A simple way to protect yourself, at least in part, is to join the ranks of Facebook founder Mark Zuckerberg and former FBI Director James Comey and cover your laptop camera with a piece of opaque tape.  Many companies make small devices that you can slide back and forth or remove that are a little more elegant than black electrical tape.

For parents, have kids close the lid on their laptops when they are not using them and, of course, do not use your laptop when you are sans clothing.

It is a sad thing that you have to worry about such things.

Information for this post came from CNN.


Mac Malware Uses Antiquated Code

A new piece of Apple Mac malware was discovered recently but may have been running around the Mac universe for two years.  The malware, dubbed Fruitfly by Apple, is apparently a pretty simplistic piece of code.  It can capture webcam images, screenshots and information about every device on the network, and then tries to connect to each of the devices that it found.

The malware was discovered by an administrator who saw unexpected outbound traffic from his network.  I am not sure how many admins would detect suspicious traffic coming from one computer.

The code uses programming functions that were popular prior to 2001 and uses a code library that was last updated in 1998.

There is also another marker – a comment in the code – indicating that at least this version of the malware was released after OS X Yosemite came out in 2014, which means that it could have been infecting machines for more than two years.

Given this information, it is certainly possible that the code could be a decade old and updated as needed as Apple modified OS X.

Pure speculation is that the malware was only used in very targeted attacks, POSSIBLY by the Russians or Chinese, to steal US and European scientific research.

Malwarebytes now detects the software as OSX.Backdoor.Quimitchip.

As is often the case with malware these days, once the malware is installed, it downloads other modules from its command and control server.  For example, it was detected downloading several Perl scripts, used to map the network and attempt to log on to other machines.
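The two behaviours described in this post, the unexpected outbound traffic that tipped off the administrator and the network mapping done by the downloaded Perl scripts, are both visible in ordinary connection logs. Here is an added example, not code from the original post or from any of the articles it cites, of a small heuristic run over constructed flow records; the internal address range, the thresholds and the log format are assumptions.

```python
# Added example (not from the original post): flag a host that repeatedly
# contacts one outside address (beaconing) or reaches many internal hosts
# (network mapping). Internal prefix, thresholds and log format are assumed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed site address range

# Constructed sample flow records, "time src dst dport" (no real hosts)
SAMPLE_FLOWS = """\
10:00:01 10.0.0.7 203.0.113.9 443
10:00:31 10.0.0.7 203.0.113.9 443
10:01:01 10.0.0.7 203.0.113.9 443
10:01:31 10.0.0.7 203.0.113.9 443
10:02:02 10.0.0.7 10.0.0.20 22
10:02:03 10.0.0.7 10.0.0.21 22
10:02:04 10.0.0.7 10.0.0.22 22
10:02:05 10.0.0.7 10.0.0.23 22
10:03:00 10.0.0.8 198.51.100.4 443
10:03:05 10.0.0.9 10.0.0.20 445
not a flow line
"""

def parse_flows(text):
    """Yield (src, dst) address pairs from 'time src dst dport' lines; skip bad ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            try:
                yield ip_address(parts[1]), ip_address(parts[2])
            except ValueError:
                pass  # malformed address: ignore the record

def find_suspicious_hosts(text, beacon_min=4, fanout_min=4):
    """Map each source host to the reasons it looks suspicious, if any."""
    ext_counts = defaultdict(lambda: defaultdict(int))  # src -> ext dst -> n
    int_targets = defaultdict(set)                      # src -> internal dsts
    for src, dst in parse_flows(text):
        if dst in INTERNAL_NET:
            int_targets[src].add(dst)
        else:
            ext_counts[src][dst] += 1
    findings = defaultdict(list)
    for src, dsts in ext_counts.items():
        for dst, n in dsts.items():
            if n >= beacon_min:  # repeated contact with one outside address
                findings[str(src)].append(f"{n} connections to external {dst}")
    for src, targets in int_targets.items():
        if len(targets) >= fanout_min:  # one host probing many neighbours
            findings[str(src)].append(f"reached {len(targets)} internal hosts")
    return dict(findings)
```

On the sample above only 10.0.0.7 is reported, for both reasons; the thresholds are deliberately low for the tiny sample and would be tuned against a real baseline.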

Apple has released an update that will protect against future infections.  One article says that the Apple patch will also detect currently infected machines, while another says it only stops future infections, so that part is not clear.

As a side note, the code also runs on Linux machines with the exception of one module which is a Mac binary, so even computers running Linux are not safe.

So, while Mac viruses are still very rare, as Microsoft locks down Windows, hackers are branching out and looking for new opportunities.  If it is true that this malware was used to steal scientific and biomedical research, it makes sense that it would be geared towards Apple and Linux computers.

Information for this post came from Ars Technica and Malwarebytes Blog.
