Man used Fruitfly Mac malware to spy on US citizens for 13 years

In 2017 we reported about a notorious malware that was capable of spying upon people through capturing screenshots and webcam footages. Dubbed as Fruitfly or Quimitchin, the malware was identified by chief research officer at Digita Security, Patrick Wardle, and was found in at least 400 computer devices across the United States while it affected Windows, Mac and Linux based devices.

Reportedly, the malicious software spied upon unsuspecting citizens for decades. At that time, security experts weren’t able to identify the attacker responsible for compromising so many devices neither did they manage to find out the purpose of infiltration. However, after a year-long investigation by the FBI, we have managed to provide answers to all the questions.

In Ohio federal court, an indictment has been filed against an Ohio citizen citing that he is the creator of Fruitfly and that the person, namely Phillip R. Durachinsky, used the malware for nearly 13 years. During this time, the defendant managed to infect thousands of computers and stole millions of images.

Prosecutors allege that the 28-year old defendant used Fruitfly to activate microphones and cameras when required, capture and download screenshots, record keystrokes and steal medical records, tax records, pictures, bank transaction details and web surfing history. Moreover, Durachinsky used the login credentials stolen from infected computers to access third-party websites and download information from them.

In certain situations, Fruitfly alerted Durachinsky whenever a user entered a search keyword related to porn. The suspect is also accused of targeting individuals and infecting computers owned by law enforcement departments, schools, organizations and federal government institutions including a subsidiary of the US Department of Energy.

In a press release, the Department of Justice further revealed that the accused is also alleged to have “watched and listened to victims without their knowledge or permission and intercepted oral communications taking place in the room where the infected computer was located.”

The 16-count indictment was announced by the US Department of Justice on Wednesday in which the accused is charged under the Computer Fraud and Abuse Act, aggravated identity theft, Wiretap Act and production of child pornography. It was alleged that the accused created Fruitfly primarily to invade Mac and Windows devices. The malware was developed between 2003 and 2017.

Currently, it is unclear how the malware managed to infect computers and if any vulnerabilities were exploited for this purpose. It is believed that the malware tricked targets into clicking on infected websites or email attachments to compromise computers. The indictment also does not provide details about the Windows and Linux version of Fruitfly.


Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'