
Has the infamous Hacking Team returned?

The emergence of newly developed Mac malware appears to signal that the infamous Hacking Team has returned.

The disgraced malware-as-a-service provider has been under the radar since 400GB of the group's private e-mail and source code leaked online in July. The group said that it would return at some point with new code.

However, around October, researchers found that a recent piece of Mac malware was installing a version of Hacking Team's Remote Code Systems tool.

Its recent re-emergence has been uncovered by researchers through a sample that was uploaded on 4 February to VirusTotal, a Google-owned scanning service.

SentinelOne security researcher Pedro Vilaça said that it is not certain that this is the work of the Hacking Team; however, the sample mostly relies on old, largely unexceptional source code.

"Hacking Team is still alive and kicking but they are still the same crap morons as the e-mail leaks have shown us," Vilaça wrote.

The sample appears to install a new version of the old Hacking Team implant, with advanced tricks that allow it to evade detection and analysis, Synack Mac security expert Patrick Wardle said.

It remains unclear how the malware gets installed, but it's possible that the file installs as a seemingly benign application or that it's bundled with an exploit that surreptitiously executes the installer.
