New Mac Malware Points to Return of Hacking Team

The controversial Italian intrusion and surveillance IT firm Hacking Team appears to be active again, according to security researchers who have identified a new kind of Mac malware. First submitted to the security analysis site VirusTotal on February 2, samples of the OS X malware reveal a number of hallmarks of Hacking Team code, said experts who have reviewed the code.

Founded by Italian programmers Alberto Ornaghi and Marco Valleri in 2003, Hacking Team has been widely criticized by privacy and civil rights advocates for selling its hacking and surveillance tools to governments with records of human rights abuses. The company was itself hacked in July, resulting in the release of 400 GB of e-mail conversations, internal files and source code.

In a post yesterday on his Mac OS X security blog, SentinelOne senior researcher Pedro Vilaça said he analyzed a new sample of OS X malware code that uses "more or less the same techniques as older Hacking Team RCS [remote control systems] samples." He added that reverse engineering the sample shows that the code dates to October or November of last year, indicating new activity by Hacking Team after its massive data breach last summer.

Malware First Went Undetected

Analysis of the sample code shows it is "a very fresh sample compared with what we got in the past, it is a sample created post July 2015 hack, and it's using the same code base as before," Vilaça said. "HackingTeam is still alive and kicking."

When the sample code was first uploaded to VirusTotal, the detection rate for the malware was zero, meaning none of the 55 leading anti-virus protection services could detect and identify it. As of today, however, 19 of those services can now detect the suspicious code. The new malware uses a "dropper" to install a virus into...
