After getting hacked itself last year, HackingTeam is back with new malware for the Mac, although it doesn't seem to pose any serious threat. The group tried to make a name for itself by developing and selling Mac malware with little success, and its latest attempt seems to be little more than recycled code that was leaked when their servers were breached.
HackingTeam is back with new-ish Mac malware threat
It isn't clear how this new malware gets installed, but Synack security expert Patrick Wardle noted it does use some fairly sophisticated ways to avoid detection, including Apple's own encryption system that protects app binaries—a first for Mac malware.
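The article does not name the mechanism behind "Apple's own encryption system that protects app binaries". The added example below (not from the article, and not code from Wardle or Synack) assumes it is the scheme recorded in a Mach-O image by the LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 load command, where a non-zero `cryptid` marks a byte range of the file as encrypted. A defender triaging a suspicious binary on a non-macOS box can use this parser to spot that marker without `otool`; the sample Mach-O images it builds are constructed here for illustration.

```python
import struct

# Mach-O constants from Apple's public mach-o/loader.h and mach-o/fat.h
# (standard values, not taken from the article).
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE                      # universal binaries are big-endian
LC_UUID = 0x1B
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C


def thin_images(data: bytes) -> list:
    """Split a universal (fat) binary into its thin slices; a thin image is returned as-is."""
    if struct.unpack_from(">I", data, 0)[0] != FAT_MAGIC:
        return [data]
    nfat = struct.unpack_from(">I", data, 4)[0]
    slices = []
    for i in range(nfat):
        # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian u32)
        _cpu, _sub, off, size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
        slices.append(data[off:off + size])
    return slices


def encryption_info(image: bytes) -> list:
    """Return one record per LC_ENCRYPTION_INFO(_64) command in a thin Mach-O image.

    An empty list means the image carries no such command; cryptid != 0 means the
    range [cryptoff, cryptoff + cryptsize) is flagged as encrypted.
    """
    magic = struct.unpack_from("<I", image, 0)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a little-endian thin Mach-O image")
    ncmds = struct.unpack_from("<I", image, 16)[0]   # ncmds sits at offset 16 in both headers
    records, offset = [], header_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, offset)
        if cmdsize < 8:
            raise ValueError("malformed load command (cmdsize < 8)")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", image, offset + 8)
            records.append({"cryptoff": cryptoff, "cryptsize": cryptsize, "cryptid": cryptid})
        offset += cmdsize
    return records


def is_encrypted(data: bytes) -> bool:
    """True if any slice of the file has an encryption load command with cryptid != 0."""
    return any(r["cryptid"] != 0 for img in thin_images(data) for r in encryption_info(img))


def build_sample(cryptid: int) -> bytes:
    """Constructed minimal x86-64 Mach-O: an LC_UUID plus one LC_ENCRYPTION_INFO_64."""
    uuid_cmd = struct.pack("<II", LC_UUID, 24) + b"\x00" * 16
    enc_cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    cmds = uuid_cmd + enc_cmd
    # mach_header_64: magic, cputype(x86_64), cpusubtype, filetype(MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 2, len(cmds), 0, 0)
    return header + cmds


def build_fat(images: list) -> bytes:
    """Constructed universal binary wrapping the given thin images (no alignment padding)."""
    header_len = 8 + 20 * len(images)
    table, body, off = b"", b"", header_len
    for img in images:
        table += struct.pack(">IIIII", 0x01000007, 3, off, len(img), 0)
        body += img
        off += len(img)
    return struct.pack(">II", FAT_MAGIC, len(images)) + table + body


def scan_file(path: str) -> bool:
    with open(path, "rb") as f:
        return is_encrypted(f.read())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(("ENCRYPTED " if scan_file(p) else "plain     ") + p)
```

An encrypted main executable is normal for Mac App Store downloads, so a hit from this scan is a triage signal to look at code signing and provenance, not a verdict on its own.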
The malware installs Remote Code Systems, which was HackingTeam's own platform for penetrating Mac security. SentinelOne security expert Pedro Vilaça wasn't overly impressed with the group's latest efforts, saying:
HackingTeam is still alive and kicking but they are still the same crap morons as the e-mail leaks have shown us. If you are new to OS X malware reverse engineering, it's a nice sample to practice with. I got my main questions answered so for me there's nothing else interesting about this. After the leak I totally forgot about these guys :-).
Odds are your Mac hasn't been hit with this new—and mostly meh—malware, but if you want to double-check, look in ~/Library/Preferences/8pHbqThW/ for the file Bs-V7qIU.cYL. Virus and malware checkers are being updated to recognize this malware's signature, too.
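The manual check above can be scripted so it covers every home directory on a Mac and records the artifact's size, timestamp and hash before anyone deletes it. The following is an added example, not part of the article; the only indicator it uses is the path the article gives, and the `make_constructed_home()` helper plants a stand-in file in a temporary directory purely so the checker can be exercised offline.

```python
import hashlib
import os
import tempfile
import time

# Indicator path exactly as the article states it, relative to a user's home directory.
IOC_RELATIVE_PATH = os.path.join("Library", "Preferences", "8pHbqThW", "Bs-V7qIU.cYL")


def check_user_home(home: str):
    """Return a record describing the indicator file under `home`, or None if absent."""
    ioc = os.path.join(home, IOC_RELATIVE_PATH)
    if not os.path.isfile(ioc):
        return None
    st = os.stat(ioc)
    h = hashlib.sha256()
    with open(ioc, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    # Capture metadata first: preserving the evidence matters more than cleaning quickly.
    return {
        "path": ioc,
        "size": st.st_size,
        "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
        "sha256": h.hexdigest(),
    }


def check_all_homes(users_root: str = "/Users") -> list:
    """Check every home directory under `users_root` (macOS default) plus the caller's own."""
    homes = set()
    if os.path.isdir(users_root):
        homes.update(os.path.join(users_root, d) for d in os.listdir(users_root))
    homes.add(os.path.expanduser("~"))
    findings = []
    for home in sorted(homes):
        if not os.path.isdir(home):
            continue
        rec = check_user_home(home)
        if rec is not None:
            findings.append(rec)
    return findings


def make_constructed_home(infected: bool) -> str:
    """Create a throwaway 'home directory' for testing; the planted file is constructed, not real malware."""
    home = tempfile.mkdtemp(prefix="ioc-demo-")
    if infected:
        target = os.path.join(home, IOC_RELATIVE_PATH)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as f:
            f.write(b"constructed placeholder, not the real sample\n")
    return home


if __name__ == "__main__":
    hits = check_all_homes()
    if not hits:
        print("indicator not present in any checked home directory")
    for rec in hits:
        print("FOUND {path}  size={size}  mtime={mtime}  sha256={sha256}".format(**rec))
```

Run it as root to cover all accounts under /Users; as an ordinary user it only sees your own home. A hit means the file named in the article is present; an absent file does not prove a clean machine, since the article itself notes the installation path of this sample is unknown.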
When all is said and done, the bigger news here may be that HackingTeam is still around, not that they released a variation on their own code.