An Ohio man named Phillip Durachinsky, 28, has been charged with allegedly creating and using malware to spy on thousands of Mac users for more than a decade.
The details of how Durachinsky used the malware, dubbed “Fruitfly,” are also incredibly creepy. He not only collected personal and sensitive information from computers, but also used their microphones and webcams to watch and listen to thousands of victims, according to a recently unsealed U.S. District Court indictment.
According to a Justice Department press release, Durachinsky stole personal data such as login credentials, medical records, tax records and banking information. He also logged users’ keystokes, took screenshots, and used some of the audio and video he recorded to produce child abuse imagery.
There’s no end to the creepiness: the 28-year-old saved “millions” of images, kept extremely detailed notes on his victims, and even implemented a measure that alerted him if a user typed in words associated with pornography, the DoJ said.
The victims included individuals, schools, companies, a police department, and even federal government entities — including one connected to the U.S. Department of Energy. And Durachinsky primarily used Fruitfly to infect Mac computers, but the DoJ noted that he wrote variants of the malware that could compromise Windows-based machines, too.
But perhaps the most stunning thing about Fruitfly is how it managed to remain undetected for 13 years. According to Justice Department officials, the malware itself was relatively unsophisticated and easy to catch. And yet, no one did.
Durachinsky wasn’t even arrested for Fruitfly, either. Forbes reported that the Ohio man was charged about a year ago with hacking computers at Case Western Reserve University. He was caught when the university alerted the FBI of the infected computers. The Bureau found that those computers had been compromised for years, and that Durachinsky infected other universities. But the arrest apparently had nothing to do with Fruitfly.
The spyware was discovered last year when former NSA analyst and security researcher Patrick Wardle came across a new strain of Fruitfly. With further analysis, he found at least 400 infected Mac computers — and gave his information to the FBI, Forbes reported in July 2017.
Wardle told CNN that the length of the incredibly invasive hacking campaign was “mind-blowingly long.” He added that, while Mac malware isn’t as prevalent as PC viruses, Apple’s flagship computers can still be infected with malicious programs.
It’s currently unclear how Fruitfly infects computers. But there’s no indication that it exploited any security vulnerabilities, so it’s likely that it gained access to computers by tricking people into clicking on malicious links or email attachments.
Durachinsky is currently in custody. He is being charged with violating both the Computer Fraud and Abuse Act and the Wiretap Act, as well as for aggravated identity theft and production of child pornography.