You might remember the sinister Fruitfly malware that came to light last year. It appeared to be able to spy on victims via webcams, take screenshots, modify files, and take complete control of a system. Now, it’s been revealed that the person behind Fruitfly had been infecting unsuspecting users for 13 years.
The US Department of Justice has revealed an indictment against 28-year-old Phillip Durachinsky, of North Royalton, Ohio. Prosecutors say he created Fruitfly and started spreading the malware when he was a teenager in 2003 “in order to watch, listen to and obtain personal data from unknowing victims.”
He allegedly used his creation to turn on thousands of infected systems’ microphones and webcams, capture images, log keystrokes, and steal tax and medical records, photographs, Internet searches, and bank transactions. It could even alert him when victims typed in search queries related to porn.
In addition to targeting individuals, Fruitfly made its way onto computers at various companies, police departments, schools, and a subsidiary of the US Department of Energy. It was initially discovered to be targeting Macs, but he allegedly developed versions that could infect Windows and Linux systems, too.
It appears that Durachinsky may have sold some of the data and images he acquired through Fruitfly, as prosecutors have asked the court for an order requiring he forfeit any property derived from his campaign.
Security firm Malwarebytes discovered Fruitfly in January last year, forcing Apple to issue a patch. But six months later, Patrick Wardle, currently chief research officer at Digita Security, showed that the malware was still out in the wild, just not as widespread. He told Forbes that Fruitfly had been used to spy on children.
Separately, Durachinsky is facing child pornography charges. The DoJ claims he “did use a minor and minors to engage in sexually explicit conduct” to produce “a visual depiction” of this conduct, “knowing that it would be transmitted to others.”
It’s still not known how Fruitfly infected computers, though it’s suspected it was via malicious web links and email attachments.
According to Forbes, Durachinsky has been in custody since he was arrested in January last year and is now awaiting trial.