Just hours ago, the US Department of Justice (DOJ) filed official charges against an Ohio man for allegedly developing the Fruitfly Mac malware and infecting thousands of Americans with it.
According to a copy of the indictment, the suspect's name is Phillip R. Durachinsky, 28, of North Royalton, Ohio.
Authorities believe Durachinsky developed Fruitfly, a Mac spyware strain that has been active since 2003 and has infected thousands of computers.
The DOJ claims the suspect used the malware "to steal the personal data of victims, including their logon credentials, tax records, medical records, photographs, banking records, Internet searches, and potentially embarrassing communications."
In addition, Fruitfly gave Durachinsky the ability to spy on victims by secretly turning on the computer's microphone and webcam.
More disturbingly, the DOJ claims Durachinsky configured Fruitfly to alert him whenever a user typed words associated with pornography.
US officials say the suspect saved millions of images from victims' computers and often kept detailed notes of what he saw. Further, authorities say that he also used stolen credentials to access and download users' data from third-party websites.
The FBI arrested Durachinsky in January 2017. According to local newspaper Cleveland Scene, the FBI Cleveland branch was investigating a malware incident at Case Western Reserve University. Investigators found the Fruitfly malware on the university's computer systems, and the trail led them back to Durachinsky.
Back in January 2017, Malwarebytes noted that detections for a newer version of the Fruitfly malware mysteriously popped up on its scanners after years of inactivity.
Malwarebytes noted that this new Fruitfly version also included routines that would have allowed it to execute in some limited capacity on Linux systems.
The Fruitfly malware was also the subject of a presentation at the Black Hat USA 2017 and DEF CON 2017 security conferences. The presentation is available in PDF format and as a 20-minute YouTube video.