US charges man for spying on victims with Mac malware for 13 years

An American has been charged with spying on victims for 13 years with the homemade FruitFly malware. He created the malware in 2003, which functioned until early last year when security company Malwarebytes discovered it.

According to the indictment, the now 28-year-old American used the malware to spy on victims via webcam. Children were among them, so the indictment also mentions the production of child pornography. He also stole passwords and personal documents such as medical records and tax returns. He also saved millions of photos.

The malware dates back to 2003 and the American created the malware when he was 14. The program therefore contains ancient code, Malwarebytes noted when the company discovered the malware last year. This was apparent, among other things, from the calls that the malware made to address the webcam. The American from the state of Ohio did keep up with the software and added code to keep the malware running on new macOS versions.

After the discovery of Malwarebytes, another security researcher, Patrick Wardle, came up with an analysis of the backdoor. In it, he mentioned that FruitFly gives the impression that it was written by a person to keep an eye on specific individuals. The variant he looked at, FruitFly 2, could capture keystrokes, screenshots, and videos, and remotely control the cursor and keyboard.

He presented his findings at Black Hat in Las Vegas last year. Wardle tells ZDNet that FruitFly is an example of malware aimed at spying on regular users. “People often don’t worry too much. They say ‘the Russians’ or ‘the NSA’ and think they have nothing to hide.”