Malware creator charged for 13-year spying spree

He allegedly stole data and collected porn based on victims' searches.

Sponsored Links

Reuters/Jonathan Ernst
Reuters/Jonathan Ernst

You don't need an elaborate crime ring (or a government agency) to write malware that spies on others -- sometimes, just one person can be responsible. The US Department of Justice has charged Ohio resident Philip Durachinsky with 16 crimes for allegedly writing malware, nicknamed "Fruitfly," that gave him unfettered access to the PCs of "thousands" of individuals and institutions between 2003 and January 2017. Reportedly, he not only stole sensitive data to use for fraud and blackmail (such as logins, embarrassing chats and medical records) but took screenshots, logged keystrokes and spied on people through their webcams.

The DOJ also alleged that Durachinsky used victims' PCs as a kind of malicious search engine. Fruitfly would alert him when users typed in words associated with porn, helping him save "millions" of images and take "detailed notes." The charges (which mostly cover violations of the Computer Fraud and Abuse Act and the Wiretap Act) include an indictment for the production of child porn, but it's not clear to what degree the images or the eavesdropping were involved.

Whether or not the charges are validated in court, the claims serve as not-so-subtle reminders that backdoor malware can sometimes be created for entirely personal reasons, not just by gangs looking for profit or spies collecting intelligence. You don't have to be an obvious target to be a victim, and good security policies are important even if you don't think you have anything particularly valuable.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget