SecureMac, Inc.

Has Hacking Team Returned? New Mac Malware Suggests As Much

March 14, 2016

Last year, the spyware developer Hacking Team seemed to go down in flames after a massive internal leak exposed the company’s dirty secrets for the world to see. Prior to that occurrence, the Milan-based firm had been in operation since 2003, selling products to governments, law enforcement, corporations, and other entities to help them spy on customers or private citizens. From monitoring emails to breaking encrypted communications, all the way to covertly activating webcams, Hacking Team traded in software that gleefully wrecked privacy rights and laundry lists of other civil liberties.

Last year’s leak revealed a lot of damning information about Hacking Team’s inner dealings—such as invoices to clients like the FBI, the Liberation Army, Sudan, and Kazakhstan. The leak also included the source code of most of the company’s software.

Not too surprisingly, the PR nightmare seemed to push Hacking Team underground—though the company did vow to return sometime in the future with new programs and code. Now, it appears that the widely hated spyware firm is back and that they’ve brought a piece of Mac OS X malware with them.

According to a report published by Ars Technica, there is a new piece of Mac malware that “installs a copy of Hacking Team’s signature Remote Code Systems compromise platform.” Since the malware reuses source code from previous Hacking Team projects, it’s possible that it could be the work of an imposter. After all, Hacking Team’s entire code base was leaked to the web, and the company initially promised to come back with completely new code. If the malware is the work of the disgraced Milan firm, it’s not exactly a glorious return.

There are aspects of the malware sample that make it clear that it wasn’t the work of amateurs. According to Mac security expert Patrick Wardle, the software exploits Apple’s encryption scheme and uses it to protect the malware. Wardle, who himself has given presentations about using Apple’s encryption to protect malicious binaries, was excited to see his idea actually used in a piece of malware. However, Wardle also said that the encryption was easily breakable, and the malware itself wasn’t particularly dangerous.

Engadget agrees with Wardle’s diagnosis that there isn’t much to worry about with this malware. Many antivirus programs have already updated their definitions to recognize it, and while there isn’t much evidence as to how the software ends up installed on a victim’s system, it probably won’t cause much of an issue for the vast majority of Apple users. The more pressing question at hand is whether this malware is actually the work of Hacking Team. If it is, then the spyware company could be ready to make a comeback—not good news for anyone who values privacy or liberty.