An Ohio man is facing charges for creating the Fruitfly malware that went after Windows and macOS systems.
Phillip R. Durachinsky, 28, of North Royalton, Ohio, was indicted on 16 separate charges, including Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child pornography, and aggravated identity theft, according to officials at the U.S. Department of Justice (DoJ).
Durachinsky used the malware to steal personal data of victims, including passwords, medical records, banking credentials, Internet searches, and messages, while also taking screenshots, logging their keystrokes, and even turning on computers’ cameras to spy on them, officials said.
The malware was created in 2003, when Durachinsky was a teenager, and has been used for more than 13 years to infect thousands of computers owned by consumers across the world, as well as those operated by companies, schools, a police department and even the US government, DoJ officials said.
The FBI seized laptops, hard drives and vaults from Durachinsky that held more than 20 million files, according to a court filing from Assistant U.S. Attorney Daniel Reidl. The FBI identified thousands of potential victims during the past year.
DoJ said one system owned by a subsidiary of the Department of Energy was compromised with Fruitfly, though no details were provided as to what information was stolen.
“This defendant is alleged to have spent more than a decade spying on people across the country and accessing their personal information,” said First Assistant U.S. Attorney Sierleja.
The malware was capable of alerting the hacker when users were searching for adult content, and Durachinsky often saved their searches and kept notes of what they were looking for. He also intercepted chats and video calls performed on the compromised computers.
“Durachinsky is alleged to have utilized his sophisticated cyber skills with ill intent, compromising numerous systems and individual computers,” said Special Agent in Charge Anthony.
Security researcher Patrick Wardle discovered the malware last summer after looking into the backup domains that infected systems connected to; within two days, 400 Macs with U.S.-based IP addresses attempted to establish a connection with his server.
The hacker was arrested in January last year and has been in custody since then; if found guilty, he faces a lengthy prison sentence.