
Justice Dept. indicts Ohio hacker for writing Fruitfly malware to spy on thousands of Mac users


RV_


OK folks, I had this for a couple of days but waited until it hit the national media. You can ignore it if you want or try to blame the messenger. One Mac owner here appreciates that I don't avoid Mac vulnerabilities when they are found. It is disturbing that many Mac owners, about 5%-8.5% of the PC market share, are less concerned with security than they are about their false narrative that Macs are inherently secure. The Intel processor flaws Meltdown and Spectre are both just as vulnerable as Windows machines because Apple chose to switch over to Windows developed Intel chipsets in 2005, the x386 architecture. Fruitfly is simple malware written specifically for Macs 14 or so years ago by a 14 year old, now 28 and in jail.

Wardle, the ex NSA guy who found the bulk of the infected computers also writes free security software for Macs to prevent these types of attacks and more. Here's a novel idea! Humor everyone that is a security expert and can reverse engineer malware to defeat it, and install security malware despite disagreeing with the actual vulnerabilities of Macs. Let me remind you, a 14 year old did this intentionally. How many 14 year olds do you know that can already use computers in ways we never thought to do like Blockchain? This infection is against Mac software. The excerpt with direct links to Wardle's security software will be at the bottom of this post.

The other vulnerabilities that affect Macs and Windows are the Intel hardware defects I already posted here.

Excerpt:

"A 28-year-old Ohio man has been named by federal prosecutors as the alleged author of a decade-old Mac malware, which he is accused of using to remotely spy on thousands of unsuspecting victims.

Phillip Durachinsky, 28, a resident of North Royalton, Ohio, is accused in an indictment of building Fruitfly, a highly-invasive Perl-based malware that can allow the controller to secretly take complete control of an infected computer -- including recording from the webcam and microphone, viewing what's on the screen, controlling the keyboard and mouse, and remotely downloading files.

Durachinsky, who was 14 years old when he allegedly wrote the malware, used Fruitfly to infect thousands of computers -- including one government-owned machine -- to steal personal data, like tax and medical records, banking information, and passwords, according to an indictment filed Wednesday.

He's also accused of remotely watching and listening to victims, and saving and storing "millions of images," including images of countless children -- leading prosecutors to charges of the production of child pornography.

Fruitfly was discovered a year ago by security firm Malwarebytes, forcing Apple to issue a patch -- which protected users by locking the alleged malware controller out of his victims' computers for good.

But it was later in the year when Patrick Wardle, who now serves as chief research officer at Digita Security, reverse-engineered the malware's code and fired up his own command and control server, revealing an insidious network of infected Mac computers.

"Here we have an example of someone who's created custom malware, targeting users very selectively, and keeping a low profile -- for what, 13 years," Wardle told ZDNet in a phone call Wednesday, after the indictment was filed.

"The fact that this guy was able to do this for over a decade is mind-blowing," he said.

Through his work, Wardle was able to identify thousands of victims of the malware. He registered the domain names that the malware's code pointed to as a backup, in case the primary command servers ever went down, and started to see his screen fill up with victim computers ensnared by the malware.

"Once the malware would connect to my server, I would just log that and close the connection -- so now I had all the IP addresses and names of the victims," he said.

He thought it was a cyber-espionage campaign in progress but the malware seemed to target everyday people. Most of the victims were located in the US, he said.

Wardle, a former NSA employee who is well known for building free Mac security tools and blogging his malware analysis, informed the FBI and provided a list of known victims, his technical analysis, and access to the command and control servers. The FBI is said to have already opened an investigation into the malware, but the motives of the malware's author weren't immediately clear.

Wardle provided the FBI with technical insight into the malware amid the ongoing investigation. The FBI also sought help from Apple.

But Apple was, according to Wardle, more focused on the prospect of negative media attention.

He said that was a "turning point" in his relationship with Apple, describing it as a "striking example of what Apple's priorities are."

"I don't blame Apple for the malware that broke into all these Macs," he said. "From my point of view, it's imperative that everyday Mac users should be aware that there are these sick, perverse hackers out there who are targeting their families. And we have Apple continually pushing out this marketing propaganda that Macs are so incredibly secure. But the side effect of that is that Mac users become naive or over-confident."

"That's not necessarily Apple's fault but [the company] should take some responsibility," he said.

Apple did not respond to a request for comment."

That article with related links is here: http://www.zdnet.com/article/ohio-hacker-indicted-fruitfly-malware-spy-on-thousands-of-mac-users/

Here's the one that explains it in simpler terms: http://www.zdnet.com/article/new-attack-can-stealthily-monitor-your-mac-video-calls/

Here is another article from Forbes: https://www.forbes.com/sites/thomasbrewster/2018/01/10/man-charged-over-super-creepy-apple-mac-fruitfly-malware/#43d9c15273b9

Where is the free security software?

"Wardle told me in an email that when a person legitimately uses their webcam or microphone, it's typically for more sensitive things, such as a journalist talking to a source, or an important business meeting with an executive, or even a person's private FaceTime conversation with their partner -- all of which could be invaluable for surveillance.

Enter his new tool, Oversight, which aims to block rogue webcam connections that piggyback off legitimate video calling apps, and alerts you when your microphone is in use."

http://www.zdnet.com/article/new-attack-can-stealthily-monitor-your-mac-video-calls/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Since Apple has already updated security to take care of this, what is it you want people to do? And what responsibilities does Apple have in regards to hacking? As more people buy Apple products, more hackers will try to hack them. Apple gets out security updates quite often. It is the responsibility of the users to update when they come. Most of us do, but it seems that a lot want to see us do 'oh the sky is falling' posts and I'm not sure why? Are some too complacent and download stuff from unsafe websites? They sure do. Is that Apple's fault? How?

Barb & Dave O'Keeffe
2002 Alpine 36 MDDS (Figment II), 2018 Ford C-Max HYBRID
Blog: http://www.barbanddave.net
SPK# 90761 FMCA #F337834


Umm,

The article was about how a 14 year old hacker did hack into any Mac. You are gonna love the next article about how badly Apple handled its iPhone battery issues. They are supposed to be as accountable as Microsoft.

Apple's market share is shrinking. It was -9.8% in the last 2015/2016 data available. (source: Business Insider http://www.businessinsider.com/apple-mac-lost-most-pc-market-share-in-2016-chart-2017-1)

Your Mac uses a chip set developed for Windows since 2005. Remember back when Apple folks referred to Intel as part of the "Evil Wintel"? If you google that term it stopped being used in 2005. Exactly after Jobs told the Apple users that he was making their "not PC" a PC, and switching to Intel chip sets made for Windows.

What the author was saying is that it might be wise to use his free or another good Mac anti-malware program to provide protection from zero day malware that is not patched until it gets found in the wild like this one.

What responsibility does Apple have? To stop pretending that their systems can't be hacked.

Do some very few Mac users have anti-malware on their systems? I am sure there are some.

This is written for Mac users not Apple. If the software vendor is not at fault then why switch from Windows because of one malware attack? Why would one imagine their system is secure from zero day stealth infections?

The patches come out after there have been significant numbers of people infected. Look up Eleanor malware for Macs. Wardle is ex NSA and knows what they do too. Interestingly these other thousands were still infected that he found.

He suggests:

"Wardle provided the FBI with technical insight into the malware amid the ongoing investigation. The FBI also sought help from Apple.

But Apple was, according to Wardle, more focused on the prospect of negative media attention.

He said that was a "turning point" in his relationship with Apple, describing it as a "striking example of what Apple's priorities are."

"I don't blame Apple for the malware that broke into all these Macs," he said. "From my point of view, it's imperative that everyday Mac users should be aware that there are these sick, perverse hackers out there who are targeting their families. And we have Apple continually pushing out this marketing propaganda that Macs are so incredibly secure. But the side effect of that is that Mac users become naive or over-confident."

"That's not necessarily Apple's fault but [the company] should take some responsibility," he said.

Apple did not respond to a request for comment."


Apple doesn't say that its system can't be hacked. It does say that it is hard if you follow prudent steps. It does warn people that they need to do security updates and that the safest way to add new programs is to get them through the App Store. Lots of info on the Apple Support Discussion forum that every owner has access to and is encouraged to ask questions there. And this is bad?

Besides updating security when they found out about the hack, what did you want them to do? Public mea culpa?

BTW - this has been discussed for the past 6 months on the Apple Support Discussion forum. To see if the malware is on a computer:

Quote

Jul 24, 2017 4:35 PM in response to Lourufmom

You can look to see if you have a .client file in your home. Copy paste this in Terminal:

ls -al ~/

If you don't see .client listed there, you are not infected by the variant reported in the article. The article also states it was blocked by Apple months ago, and they were not sure if any new variants existed and if they were patched, too.

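The quoted Apple-forum check, wrapped into a small POSIX shell script as an added example (it is not from the thread or from Apple's forum). It tests a home directory for the `.client` file the post names, the only indicator this page gives, and can scan every home under a base directory such as /Users; the function names and the /Users default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. The only Fruitfly indicator
# named on the page is a file called ".client" in the user's home directory,
# so that is the only thing checked here. A clean result for this check does
# not rule out other variants, exactly as the quoted forum post says.

# Check one home directory. Returns 0 if "<dir>/.client" exists (indicator
# found), 1 otherwise. Defaults to the current user's $HOME.
fruitfly_client_indicator() {
  dir="${1:-$HOME}"
  if [ -e "$dir/.client" ]; then
    printf 'INDICATOR FOUND: %s/.client\n' "$dir"
    ls -al "$dir/.client"          # same listing the forum post relies on
    return 0
  fi
  printf 'not found: %s/.client\n' "$dir"
  return 1
}

# Scan every home directory under a base path (assumed /Users on macOS) and
# print the path of each home that carries the indicator, one per line.
# Always returns 0 so it can be used under "set -e".
scan_homes() {
  base="${1:-/Users}"
  for h in "$base"/*/; do
    [ -d "$h" ] || continue
    if [ -e "$h.client" ]; then
      printf '%s\n' "${h%/}"
    fi
  done
  return 0
}
```

Run `scan_homes /Users` as an administrator to cover every account on the machine rather than only the logged-in user.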

Barb,

The articles started out that it was discovered a year ago. Then goes on to say only more recently, when he reverse engineered the malware, was he able to find thousands more infected Macs phoning home when the users were using the camera or went to porn sites or other websites he programmed it to phone home for. I highlighted in red what was there from the start. Barb, if the patch was enough why are thousands of systems still subject to this digital "Peeping Tom" using Apple's vulnerabilities still, patched or not.

Fruitfly was discovered a year ago by security firm Malwarebytes, forcing Apple to issue a patch -- which protected users by locking the alleged malware controller out of his victims' computers for good.

But it was later in the year when Patrick Wardle, who now serves as chief research officer at Digita Security, reverse-engineered the malware's code and fired up his own command and control server, revealing an insidious network of infected Mac computers.

"Here we have an example of someone who's created custom malware, targeting users very selectively, and keeping a low profile -- for what, 13 years," Wardle told ZDNet in a phone call Wednesday, after the indictment was filed.

"The fact that this guy was able to do this for over a decade is mind-blowing," he said.

Through his work, Wardle was able to identify thousands of victims of the malware. He registered the domain names that the malware's code pointed to as a backup, in case the primary command servers ever went down, and started to see his screen fill up with victim computers ensnared by the malware.

"Once the malware would connect to my server, I would just log that and close the connection -- so now I had all the IP addresses and names of the victims," he said.

He thought it was a cyber-espionage campaign in progress but the malware seemed to target everyday people. Most of the victims were located in the US, he said.

"But Apple was, according to Wardle, more focused on the prospect of negative media attention.

He said that was a "turning point" in his relationship with Apple, describing it as a "striking example of what Apple's priorities are."

Apple did not respond to a request for comment."

I get it, Apple and many users don't like this stuff public, but that ship sailed last week, Barb.

Let's hope the two new Intel chip defects that Windows, Macs, and Linux all have because they all three use the same x86 architecture that Microsoft developed with IBM/Intel back in the early 80s and adopted by Apple in 2005.


As I said, the info was out on the Apple Discussion forum last year, including info on how to find out if one was infected, steps to take for FruitFly2, etc. I cannot help if Mac/iPhone/iPad owners do not read the Apple support forums, etc. The hatred towards Apple has always amazed me. No one is forced to buy an Apple, so if you have something else, why would anyone care what Apple does? We've had a Mac since 1984 (in fact still have the original), we have a nice retirement in part due to Apple, have been through the "will die next month" so many times I lost count. But if this hatred rocks your boat - be my guest.


36 minutes ago, Barbaraok said:

". . . The hatred towards Apple has always amazed me.

. . . have been through the "will die next month" so many times I lost count. But if this hatred rocks your boat - be my guest."

Barb,

"It will die next month?"

Hatred rocking my boat??

Enjoy one of my poems.

 

The Bridge

When each we come from different paths, and on the road should meet,

We bring along the baggage of our land, our home, discreet.

On each side of a bridge we stand, our baggage still secured,

Until such time we see some sign, familiar, reassured,

 

It might start with the other, as they open just one case,

To show you from a distance where they come from far apace.

From the strangeness of their costume, they draw a flag of white,

Seeking only to get by you not desiring fight or flight.

 

Or you might first draw sword, seeking only that they see,

You're well prepared, if fight you must, and "no one treads on me!"

For in the past when faced with folk from far and distant land,

A sword was always safer when you did not understand.

 

The impasse now has widened, and the other side must choose,

What to show, or what to say, and what they stand to lose.

So the leader of the others shouts across the chasm span,

But the language vastly different your group doesn't understand.

 

In the presence of the foreign, kinsman all draw out their sword,

As you both eye one another, seeking any common chord

Or a sign of any weakness, any sign of  hidden strength,

To gauge the danger each must face to cross that bridge's length.

 

Some kinsmen shout in anger, while some others shout in glee,

As they have no way of dealing, with those others peacefully

Still others silent, thinking, of a way to cross that span,

Courage yes, they do possess, but value every man.

 

A few they count in quiet, all the baggage that they see,

Negotiate! they say out loud, while plotting treachery.

Some also gaze across that span enthralled by the display,

Exotic folk, and foreign ways unknown until today.

 

You weigh each of your options, you weigh each of your risks,

And think of every time you’ve faced, men's honesty and tricks

But the basic confrontation, the decision you must make

Depends upon the course you think, the other side will take.

 

Not knowing what they're thinking, unknown if they are just,

No way to gauge, how they'll behave, yet cross that bridge you must.

Unknown the mind of strangers, you turn to your only source,

For the only mind that you can read sits high atop your horse.

 

If the mind you see is frightened, you'll assume the same of him,

If the mind you see is evil, you'll be first to do him in,

And the minds of all his kinsman must of needs be same as yours,

Sheath your sword?  Hold it high?  Another stab at words?

 

If the mind you see is gracious, your rule noblesse oblige,

Would that not, if of like minds, eliminate the siege?

Perhaps they won't be allies if beliefs that they hold dear,

Were found to be too different, were something that you'd fear.

 

Were it not the fate of man to bear the lonely cross,

Of isolation, of each mind, and fear of any loss,

Then bridges would not pose the threat we find most every day

Our swords would disappear, and we’d all be on our way.

©Derek Gore/RV Roadie 2006 All Rights Reserved.  Three rights is left.


RV: who in the world posted anything about Apple dying next month. Just Barb trying to shift the posting to something else.

Barb: so you say that if I own an iPad or a Mac I should go to the forum to find a security breach and the solution. I remember the time I visited the forum to get the solution to a problem. It turned out it was a well documented months old problem with no official solution or response from Apple. In doing other lookups I found that type of response was so typical that I never returned to the forum again. I get my solutions from internet searches instead.

Amazing.

Yes, I agree that Apple has never said its products can't be hacked, but it has implied it through its ads. But Apple users sure do like to say it. If you got a dollar every time an Apple user says they don't get viruses, you would be a lot richer than having Apple stock.


Did I say anyone said Apple was dying next month? I said we have been through, since 1984, the "Apple is dying, will die next month, etc." over and over ad nauseam. Sorry that you didn't get a response to your question on the Apple Support forum. It is a large one and often one needs to ask the question in 2 or 3 different areas or sometimes re-ask when no answer comes about. Or maybe do a little searching in the section area.

I've been using a Mac since 1984. Get a new one about every 5 years. I would bet that most Mac users have not had a virus. Can it happen, sure. Do hackers spend a lot of time trying to get into Macs - not until just recently because it was easier and more cost effective to go after a larger number of computers that were Windoze based. Now there is a larger Apple base and so more people are trying. And remember that a lot of the Apple users would point to the fact that they had never had a virus as a point of pride in their purchase and a way to needle Windoze owners. B)


4 hours ago, Barbaraok said:

[image: tiny_gnat.gif]