Malware + Recommended + Security News
Hacked Spyware Company Seems to Have Released More Mac Malware
Posted on by Graham Cluley
Hacking Team, an Italian company which specialises in helping governments and intelligence agencies spy on their citizens, didn’t have the best year in 2015.
It suffered an embarrassing hack, which saw its source code and entire email archive leaked online along with zero-day vulnerabilities it had been keeping up its sleeve (to sell to intelligence agencies prepared to stump up enough cash) released into the wild.
Some predicted that the future didn’t look too bright for Hacking Team, as it was forced to tell its government customers to stop using its spyware until it had restored some semblance of control over its network.
But now, over six months on, is it business as usual?
As security researcher Pedro Vilaça describes (in a post unflatteringly titled “The Italian morons are back! What are they up to this time?”), a fresh new version of Hacking Team’s RCS (Remote Control System) spyware has been uncovered.
As Mac security researcher Patrick Wardle describes, this sample of the malware is unusual insomuch as it uses a variety of techniques to avoid detection and analysis, being obfuscated with different encryption methods.
Intego’s own research team, however, say that the malware does not pose significant challenges for them.
Intego VirusBarrier will detect the malware as OSX/Crisis (a name shared with the Crisis malware family, based upon Hacking Team’s code). Some other anti-virus vendors are referring to the malware as “OSX/Morcut.”
Whether it really is the work of Hacking Team, rising phoenix-like from the flames of its own ironic hacking disaster, is hard to confirm — as it might equally be possible that a third-party is using Hacking Team’s code to create their own malware. However, the smart money is pointing once again to the Italian firm.
The good news is that unless you are using a computer which is of interest to a government or intelligence agency, chances are that you will not have much to fear from this particular strain of Mac malware.
According to Mac Observer even if you aren’t running an anti-virus program on your Apple computer or laptop (shame on you if that’s the case), there is a simple way to tell if you might be infected with this particular malware:
Odds are your Mac hasn’t been hit with this new—and mostly meh—malware, but if you want to double check, look in ~/Library/Preferences/8pHbqThW/ for the file Bs-V7qIU.cYL.
Regardless, it always makes sense to keep your Mac anti-virus defences up to date, and follow best practices to reduce the chances of a security breach.