In 2017, the ‘Fruitfly’ Mac spyware that specifically targets Mac products was revealed to the world following the arrest of its creator, Phillip Durachinsky who was indicted on 16 charges one year later in 2018. However, it was only a few days back when the FBI has finally cracked the case about how a 15-year-old spyware was used by a man from Ohio to spy on people, most of whom were minors.
“The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches,” said the FBI as reported by Bit Defender.
Durachinsky, who was a 14-year-old when he developed the malware, had used a technique known as ‘port scanning’ to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords. He then logged into these remote systems via the open service ports and installed and hid Fruitfly on users’ computers. This tactic served him well for 14 years until one lucky detection at the Case Western Reserve University.
Once infected, the hacker can use the Mac computer to use its camera to spy on the user and take photos and videos. The malware can also steal files, keyboard strokes, and listen to your conversations via the Mac’s built-in microphone.
To avoid being hacked, the FBI recommends users to set up stronger, more complicated passwords as well as to shut down the computer instead of putting it to sleep mode when not in use. Mac users are also advised to review the service ports their Macs are exposing online.
