Feds charge ‘Fruitfly’ creator with hacking thousands of computers

An Ohio man faces a 16-count indictment for allegedly creating a piece of malware that spied on victims in order to commit a litany of crimes.

An Ohio man faces a 16-count indictment for allegedly creating a piece of malware that spied on victims in order to commit a litany of crimes, including the production of child pornography, according to federal prosecutors.

The government claims, Phillip R. Durachinsky, 28, ran a 13-year scheme from 2003 to Jan. 20, 2017 that infected thousands of computers with malware dubbed “Fruitfly.”

Victims include unknowing individuals, police departments, schools, companies and the federal government.

Fruitfly, which targeted Mac computers, allowed Durachinsky to take complete control of a computer including secretly turning on cameras and microphones to record video and audio. Durachinsky also allegedly used Fruitfly to steal personal data including their login credentials, tax records, medical records, photographs, banking records, Internet searches, and potentially embarrassing communications, according to federal prosecutors.


“This defendant is alleged to have spent more than a decade spying on people across the country and accessing their personal information,” First Assistant U.S. Attorney David Sierleja said in a statement.

Fruitfly was first discovered last year by MalwareBytes and then by Patrick Wardle, an ex-NSA analyst who saw around 400 infections. As Wardle predicted, that was just a fraction of the total number.

Most victims were American.

“For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications,” said Acting Assistant Attorney General John Cronan. “This case is an example of the Justice Department’s continued efforts to hold accountable cybercriminals who invade the privacy of others and exploit technology for their own ends.”

In an interview with CyberScoop, Wardle said he provided the FBI with technical information about FruitFly in late May 2017. The FBI was already on the case at that time. Until today, Wardle has been limited in what he could talk about regarding his findings.


Though Wardle only found roughly 400 victims through his analysis of FruitFly, the actual number of computers where the malware had been installed is in the thousands, based on court documents. The deliver mechanism for FruitFly remains unclear. Wardle said the primary purpose of FruitFly appeared to involve recording video content through compromised web cameras.

Fruitfly was predominately used to spy on children, said Wardle. The malware was specially programmed to alert the hacker whenever a victim logged into their computer or had typed a pornographic term. It’s likely such activity would prompt a recording session.

“The fact that FruitFly was able to remain undetected for 13 years, while the attacker infected 1000s of Macs to spy on children is both disheartening and sickening,” Wardle said. “I’m appreciative that the FBI made this case a priority and were able to track down and arrest the hacker.”

You can read the full indictment against Durachinsky below:

[documentcloud url=”” width=675 height=500]


Chris Bing contributed to this report.

Latest Podcasts