
Malware hints that Hacking Team is back

The infamous spyware seller's code has turned up in a new attack.

Hacking Team has largely stayed under the radar after a gigantic leak exposed its spyware-selling ways, but the company might be on the rebound. Security researchers have noticed that recent Mac malware installs a version of Hacking Team's Remote Code Systems tool from around October, or three months after the outfit was publicly torn apart. There is a chance that a third-party group simply obtained and reworked some of the leaked source code, but clues suggest that this wasn't the work of amateurs.

For a start, the existence of fresh code in the sample malware is odd in itself. As SentinelOne's Pedro Vilaça asks, why would a third party maintain Hacking Team's work? Also, it's unusually sophisticated: it uses Apple's own encryption system, making it harder to scrutinize the malware's contents. The only significant doubt is that Hacking Team had promised to come back with brand-new code -- a few modifications here and there don't really count.

You probably don't have much to worry about at this stage. At least some antivirus scanners already detect the malware, and there's no obvious infection mechanism. You may have to be fooled into installing a file, or else fall victim to another exploit that brings Hacking Team's work along for the ride. If this is the company's work, though, it's bad news for targets of less-than-scrupulous government surveillance.