FBI solves mystery surrounding 15-year-old Fruitfly Mac malware

“The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years,” Catalin Cimpanu reports for ZDNet. “The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018.”

“US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control of their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone,” Cimpanu reports. “Court documents reveal Durachinsky wasn’t particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children.”

“During all this time, one mystery remained. How was this malware infecting victims, and how was its creator spreading it around?” Cimpanu reports. “This mystery was solved earlier today by [former NSA analyst, Patrick Wardle], who discovered an FBI flash alert sent earlier this year, on March 5. Durachinsky had used a technique known as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords. He then logged into these remote systems via the open service ports and installed and hid Fruitfly on users’ computers.”

Read more in the full article here.
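
A way to check your own Mac for the exposure described above, as an added example that is not part of the original article or the FBI alert: it parses the output of `lsof -nP -iTCP -sTCP:LISTEN` and reports remote-access services listening on anything other than loopback. Ports 22 and 548 come from the FBI alert as quoted on this page; 5900 (VNC / Screen Sharing) and 3389 (RDP) are the standard defaults and are assumptions here, the sample output is constructed, and Back to My Mac is not covered.

```python
import ipaddress

# Ports for the services named in the FBI alert quoted on this page.
# 22 and 548 are given there; 5900 (VNC / macOS Screen Sharing) and
# 3389 (RDP) are the standard defaults, added here as assumptions.
REMOTE_ACCESS_PORTS = {22: "SSH", 548: "AFP", 3389: "RDP", 5900: "VNC"}

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real data).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   10u  IPv4 0xa1      0t0  TCP *:22 (LISTEN)
launchd     1 root   11u  IPv6 0xa2      0t0  TCP *:22 (LISTEN)
AppleFile 345 root    4u  IPv6 0xa3      0t0  TCP *:548 (LISTEN)
screensha 400 root    5u  IPv4 0xa4      0t0  TCP 127.0.0.1:5900 (LISTEN)
cupsd     512 root    6u  IPv6 0xa5      0t0  TCP [::1]:631 (LISTEN)
httpd     600 _www    4u  IPv4 0xa6      0t0  TCP *:80 (LISTEN)
"""

def is_loopback(addr):
    """True only if the bind address is reachable from this machine alone."""
    if addr == "*":          # wildcard bind: every interface
        return False
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False         # unparseable address: report it rather than hide it

def exposed_remote_services(lsof_output):
    """Return sorted (service, port, bind_address) tuples for exposed listeners."""
    findings = set()         # a set collapses the IPv4/IPv6 duplicate rows
    for line in lsof_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "(LISTEN)":
            continue         # header or non-listening row
        addr, _, port = fields[-2].rpartition(":")
        if not port.isdigit():
            continue
        service = REMOTE_ACCESS_PORTS.get(int(port))
        if service and not is_loopback(addr):
            findings.add((service, int(port), addr))
    return sorted(findings)

if __name__ == "__main__":
    for service, port, addr in exposed_remote_services(SAMPLE_LSOF):
        print(f"{service} is listening on {addr}:{port}; turn it off in "
              "Sharing settings or require a strong, unique password")
```

On a real Mac, pass the function the text of `sudo lsof -nP -iTCP -sTCP:LISTEN` instead of the sample.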

MacDailyNews Take: Yuck. Disgusting creeper.

Call us paranoid, but… that’s why we use camJAMR Webcam Covers on our Macs. They’re black, so they work perfectly with our iMacs and they’re removable/reusable. We’ve stuck and unstuck them hundreds of times. We just leave them on and peel them aside when we want to use the FaceTime HD cameras.

Man charged over ‘FruitFly’ Creepsterware; spied on users via infected Windows PCs’ and Macs’ cameras and microphones – January 10, 2018
Google engineer proves any iPhone app with camera permission can spy on you – October 26, 2017
Mac malware undetected for years allows webcam photos, key-logging, and more – July 25, 2017
Mysterious Mac malware ‘FruitFly’ has infected hundreds of victims for years – July 24, 2017
How to completely disable your Mac’s FaceTime camera – March 1, 2017
Newly discovered Mac/Linux malware ‘Fruitfly’ watches your every move – January 19, 2017
How to keep your Mac’s camera from spying on you, no tape required – December 8, 2016
Mark Zuckerberg covers his MacBook’s camera and microphone with tape – June 22, 2016
How to disable the iSight camera on your Mac – February 19, 2015
Orwellian: UK government, with aid from US NSA, intercepted webcam images from millions of users – February 27, 2014
Sextortion warning: It’s masking tape time for webcams – June 28, 2013
Research shows how Mac webcams can spy on their users without warning light – December 18, 2013
Ex-official: FBI can secretly activate an individual’s webcam without indicator light – December 9, 2013
Lower Merion report: MacBook webcams snapped 56,000 clandestine images of high schoolers – April 20, 2010


        1. … you are only admitting to being paranoid?
          As for “stupid”, can you at least admit to being poorly, wrongly, informed? Might you check Snopes.com on some of the supposed “facts” Faux Gnus has fed you?

  1. It took 15 years to figure this out? This is hacker 101 shit.

    “…Describing the Fruitfly/Quimitchin malware, the FBI said the following:

    The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches.
    In other words, Durachinsky had used a technique known as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords….”

  2. I have never seen anyone prove that the camera on the Mac can be accessed without the green light coming on. How does someone not notice the light randomly coming on?

  3. I see that the FBI arrested no one in the NSA for spying that’s countless times worse.

    Yes, the Police State should go after people who subvert our Mac gadgets but that it does not go after major criminals shows the disparity in apprehension.

  4. So this guy was 14 when he started (28 years old, doing it for 14 years). Hacking 101 indeed or he was quite the genius. In any case, this doesn’t make the FBI look too good.

  5. Can you smell the Russian #trollfarm at work again? As we head into the midterms, you can count on them to sow discord here and around the web. Any post that just goes 100% nasty political, applauded by posts with new made-up names, is suspect. It was so Apple-centric here over the Summer, but the #trollfarm work has now begun in earnest. Malware of another sort. Sad.
