Fruitfly is a piece of malware that was first observed in February 2017. It is possible that Fruitfly had been active for at least a decade before malware analysts detected it. Fruitfly is designed to spy on its victims and was created to target computers using the Mac OS operating system. Law enforcement officials caught Fruitfly's creators, revealing the threat Fruitfly posed. Fruitfly was mainly delivered to victims by taking advantage of poorly protected ports exposed online and of poor password protection on the victims' computers. Typically, attackers using Fruitfly would search the Web for open ports and poorly protected Remote Desktop Protocol accounts. However, it is still not clear exactly how Fruitfly was being distributed since, at this time, the most publicized attacks involving Fruitfly are related to a single criminal individual who used Fruitfly to collect information for his own gain. It is possible that social engineering played a large part in the distribution of Fruitfly.

Why Fruitfly Should be Removed from an Infected Computer

Once Fruitfly's controller gains unauthorized access to the victim's computer, a map of the computers connected to the infected computer via the same network can be created. This map can include the devices' IP addresses, open ports, and device types, which can be used to continue spreading Fruitfly to other devices. The main reason why Fruitfly was not detected for such a long time was that it had only been installed on a very small number of devices. Typically, Fruitfly used old function calls in its attacks, with only minor updates to keep up with the development of the Mac OS operating system.

How Fruitfly Was Being Used

According to law enforcement reports, Fruitfly's author was using Fruitfly to collect data from the victims. Typically, Fruitfly monitored its victims through their Webcam, and photos of the victims were gathered, invading their privacy. Fruitfly can be used to stream video from the infected computer and to upload data to the infected computer. Fruitfly can also be used to monitor the keystrokes on the infected computers, record audio using the infected computer's microphone, and carry out other attacks. Fruitfly is a simple program written in Perl and uses techniques that allow it to remain on the victim's computer when the operating system is rebooted. Fruitfly loads from a hidden folder contained in the primary drive partition. PC security researchers detect Fruitfly as OSX.Backdoor.Quimitchin. The surest way to ensure that you are protected from Fruitfly is to use a strong security program that is fully up-to-date and capable of detecting Fruitfly. It is also mandatory to close off possible infection avenues by protecting all devices with strong passwords and security measures.
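The persistence described above (a Perl program that survives reboots and loads from a hidden folder) can be hunted for by auditing login-time job definitions. The following is an added example, not code from the original article or from any security vendor; it assumes the persistence mechanism is a launchd agent, which the article does not specify, and every plist in it is a constructed sample.

```python
import plistlib
from pathlib import PurePosixPath
from xml.parsers.expat import ExpatError

# Script interpreters that are unusual as the first argument of a login-time job.
INTERPRETERS = {"perl", "python", "python3", "ruby", "sh", "bash", "zsh", "osascript"}

def _plist(label, args):
    # Build a constructed launchd job definition for the samples below.
    return plistlib.dumps({"Label": label, "ProgramArguments": args, "RunAtLoad": True})

# Constructed samples, not taken from a real infection.
SAMPLES = {
    "com.example.updater.plist": _plist(
        "com.example.updater", ["/Applications/Example.app/Contents/MacOS/updater"]),
    "com.example.helper.plist": _plist(
        "com.example.helper", ["/usr/bin/perl", "/Users/alice/.helper/run.pl"]),
    "broken.plist": b"not a plist",
}

def hidden_parts(path):
    """Path components that start with a dot (hidden by default on macOS)."""
    return [p for p in PurePosixPath(path).parts if p.startswith(".") and p not in (".", "..")]

def audit_agent(name, raw):
    """Return a list of findings for one launchd plist supplied as bytes."""
    try:
        job = plistlib.loads(raw)
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return [f"{name}: unparseable plist"]
    if not isinstance(job, dict):
        return [f"{name}: unexpected plist structure"]
    pa = job.get("ProgramArguments")
    args = [a for a in pa if isinstance(a, str)] if isinstance(pa, list) else []
    if isinstance(job.get("Program"), str):
        args.insert(0, job["Program"])
    findings = [f"{name}: launches from hidden path {a}" for a in args if hidden_parts(a)]
    autostart = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    if autostart and args and PurePosixPath(args[0]).name in INTERPRETERS:
        findings.append(f"{name}: script interpreter {args[0]} started automatically")
    return findings

def audit_all(agents):
    """Map plist name -> findings, keeping only the plists that produced findings."""
    return {name: f for name, raw in agents.items() if (f := audit_agent(name, raw))}

if __name__ == "__main__":
    for findings in audit_all(SAMPLES).values():
        print("\n".join(findings))
```

To audit a real machine, pass `audit_all` a dictionary built from the raw bytes of each file in `~/Library/LaunchAgents` and `/Library/LaunchAgents`; a finding is a lead to review, not proof of infection.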

Details of the Fruitfly Attack

Fruitfly had been installed on hundreds of computers around the world. An indictment in a federal court in Ohio has determined that Fruitfly was created by an individual in this state who used it to collect millions of pictures over the course of 13 years. Using Fruitfly, the criminal responsible for this attack, Phillip Durachinsky, was able to use the victims' cameras and microphones to collect all data, including tax and medical records. Fruitfly was also designed to alert this criminal when the victim typed words related to pornography, possibly as a way to extort the victims of the attack. The criminal responsible for Fruitfly has also been accused of child pornography charges because some of the collected data included visual depictions of minors engaging in sexual conduct, which were then sold. The criminal responsible for Fruitfly was arrested in January 2017 on a separate hacking charge, and the complaint related to Fruitfly was filed only recently.

