Hacker developed Fruitfly backdoor at age 14 and surveilled Mac users over 13 years
A 28-year-old Ohio man, Durachinsky, allegedly created the Mac malware 10 years ago. The hacker is said to have written the Fruitfly backdoor as early as age 14; the backdoor can be used to remotely monitor thousands of unsuspecting Mac users.
Fruitfly is a highly intrusive piece of Perl malware that lets attackers quietly control infected computers, including their cameras and microphones, to see what is on the screen, control the keyboard and mouse, and remotely download files.
According to the indictment issued on January 10, 2018, Durachinsky infected thousands of computers with Fruitfly, including a government device, with the aim of stealing personal data such as tax and medical records, banking information, and passwords. In addition, he is accused of remotely viewing and monitoring victims' activities and storing “millions of pictures”, including a large number of pictures of children. Prosecutors from the U.S. Department of Justice accuse Durachinsky of producing child pornography, and they also stress the fraud and eavesdropping carried out with the malware.
The security company Malwarebytes discovered Fruitfly only in January 2017, forcing Apple to issue a malware signature update that blocks Fruitfly on victims' computers to protect users.
Later in 2017, Patrick Wardle, who currently serves as chief research officer at Digita Security, reverse-engineered the malware's code and set up his own command and control (C&C) server. Only then did the huge network of infected Mac computers behind the malware really surface.
Wardle explained in an interview after the indictment on January 10, 2018, that there was solid evidence that the customized malware created by Durachinsky went after users in a highly targeted manner and had remained secretly active over the past 13 years.
Through further study, Wardle was able to find thousands of the malware's victims. He registered a domain that the malware's code points to as a backup target, so that when the main command server went offline, all the victim computers captured by the malware could be seen.
Wardle said, “Once the malware is plugged into my server, I log the information and close the connection, so now I have all the IP addresses and the names of the victims.” He added that this appears to be a continued cyber-espionage operation, with a wide range of personal Mac computers as Durachinsky's targets.
Wardle, a former US National Security Agency staffer, is known for building free Mac security tools and publishing malware analysis blog posts. He has given the FBI a list of known victims and reported both his technical analysis and his access to the C&C server. Reportedly, the FBI has begun to investigate the malicious software, but the motivation behind it is not yet clear. As part of the ongoing investigation, Wardle also provided the FBI with a technical analysis of the malware. In the meantime, the FBI is also seeking help from Apple.
According to Wardle, Apple seems to be highly concerned about the negative media impact this may have. He sees this as a “turning point” in his relationship with Apple and describes the incident as “a classic example of how Apple’s priorities are judged.”
“I would not blame Apple for blaming malware on Mac devices,” Wardle said. “From my perspective, Mac users should be aware that their home environment may have been of concern to morbid hackers, but Apple is still constantly emphasizing the marketing hype that Mac devices are so secure, which can have the serious side effect of making Mac users overconfident.”
Wardle presented the first Fruitfly analysis at the Black Hat security conference in Las Vegas in July 2017. The malware is no longer active, but it is nothing less than an “alarm bell” for the security industry. The C&C servers have also been shut down, and one suspect has been prosecuted and is awaiting trial.
Wardle said computers can easily be turned into espionage devices, but people do not usually worry about this. Their reasoning is simple: neither the Russians nor the NSA have any interest in their devices. In fact, there are other psychologically distorted people in the world trying to break into your computer.