Hacked Hackers are Back with Recycled Mac Malware

| News

After getting hacked itself last year, HackingTeam is back with new malware for the Mac, although it doesn't seem to pose any serious threat. The group tried to make a name for itself by developing and selling Mac malware with little success, and its latest attempt seems to be little more than recycled code that was leaked when their servers were breached.

HackingTeam is back with new-ish Mac malware threat

It isn't clear how this new malware gets installed, but Synack security expert Patrick Wardle noted it does use some fairly sophisticated ways to avoid detection, including Apple's own encryption system that protects app binaries—a first for Mac malware.

The malware installs Remote Code Systems, which was HackingTeam's own platform for penetrating Mac security. SentinelOne security expert Pedro Vilaça wasn't overly impressed with the group's latest efforts, saying:

HackingTeam is still alive and kicking, but they are still the same crap morons as the e-mail leaks have shown us. If you are new to OS X malware reverse engineering, it's a nice sample to practice with. I got my main questions answered, so for me there's nothing else interesting about this. After the leak I totally forgot about these guys grin.

Odds are your Mac hasn't been hit with this new—and mostly meh—malware, but if you want to double check, look in ~/Library/Preferences/8pHbqThW/ for the file Bs-V7qIU.cYL. Virus and malware checkers are being updated to recognize this malware signature, too.
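A small script for that check, added here as an example rather than anything from the article or from HackingTeam: it looks for the directory and file named above under a home directory of your choosing (so it can be pointed at another user's home or a mounted disk image) and, if the file is present, records its metadata and SHA-256 for an incident report without opening or running it. The return codes (0 clean, 1 found, 2 directory only) are this example's own convention.

```shell
#!/bin/sh
# Indicator path components as given in the article.
IOC_DIR="Library/Preferences/8pHbqThW"
IOC_FILE="Bs-V7qIU.cYL"

# Usage: check_hackingteam_ioc [home_dir]
#   home_dir defaults to $HOME; pass another path to inspect a different
#   user's home folder or a mounted image (assumed layout: <home>/Library/...).
# Returns 0 if nothing is present, 1 if the file is found, 2 if only the
# directory exists (worth a closer look, since the name is otherwise unusual).
check_hackingteam_ioc() {
    home_dir="${1:-$HOME}"
    ioc_path="$home_dir/$IOC_DIR"
    target="$ioc_path/$IOC_FILE"

    if [ -f "$target" ]; then
        printf 'FOUND: %s\n' "$target"
        # Collect evidence for the report; the file is only read, never executed.
        ls -la "$target"
        if command -v shasum >/dev/null 2>&1; then
            shasum -a 256 "$target"        # macOS
        elif command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$target"            # Linux, e.g. when scanning a mounted image
        fi
        return 1
    fi

    if [ -d "$ioc_path" ]; then
        printf 'SUSPICIOUS: %s exists but %s is not present\n' "$ioc_path" "$IOC_FILE"
        return 2
    fi

    printf 'CLEAN: %s not present\n' "$target"
    return 0
}
```

Run it as `check_hackingteam_ioc` for the current user, or pass the path of another home folder; a hit should be followed by an up-to-date antivirus scan, since the article notes signatures are being added.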

When all is said and done, the bigger news here may be that HackingTeam is still around, not that they released a variation on their own code.

The Mac Observer Spin

tl;dr version: For now, the new malware from HackingTeam is more of an academic interest than a serious Mac threat. And HackingTeam? They're still around?
