Fruitfly Malware Creator Allegedly Spied on Victims for 13 Years
An Ohio computer programmer has been indicted for a 13-year malware campaign during which he allegedly stole sensitive personally identifiable information (PII), eavesdropped on conversations and even produced child pornography.
Phillip Durachinsky, 28, of North Royalton, Ohio, is facing 16 counts of Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child pornography and aggravated identity theft.
He’s said to have developed the malware known as Fruitfly, which allowed him to remotely access and control victim machines, although it’s not clear how he installed the malware.
This allegedly allowed him to steal reams of sensitive PII including online credentials, tax records, medical records, photographs, banking records and internet searches.
He’s also accused of taking screenshots, logging keystrokes and recording audio/video via the victim machines’ webcams and microphones.
This allegedly allowed Durachinsky to watch and listen to victims without their knowledge. The malware also alerted him when users typed in words associated with pornography, according to the Department of Justice.
The indictment claims he saved millions of images and kept detailed notes of what he saw.
Durachinsky is not only accused of snooping on home users. The DoJ claimed he also installed Fruitfly on computers in private enterprises, schools, a police department and even the government, including one machine at a subsidiary of the US Department of Energy.
“Durachinsky is alleged to have utilized his sophisticated cyber skills with ill intent, compromising numerous systems and individual computers,” said special agent in charge Stephen Anthony.
“The FBI would like to commend the compromised entities that brought this to the attention of law enforcement authorities. It is this kind of collaboration that has enabled authorities to bring this cyber hacker to justice.”
The case answers many questions raised by security researchers when they first discovered Fruitfly, with some even claiming it could be the work of a nation state.
Source: Information Security Magazine