New Mac malware could be from the infamous Hacking Team


Online security researchers say they have discovered a new piece of Mac malware that may have been created by the Hacking Team, a controversial organisation that was exposed last year for selling surveillance software and services to governments and law enforcement organisations around the globe.

The recently discovered malware is what security experts call a ‘dropper’, which is designed to plant a piece of malicious software onto a computer or mobile device.

In this case, the ‘dropper’ reportedly contains the same malicious code previously used by Hacking Team.

It is possible that a third party has somehow gained access to the code; however, security experts claim this is unlikely given the complexity of the code itself, which is so sophisticated that it uses Apple’s encryption system, making it very difficult to detect.

Pedro Vilaca, an OS X security expert with SentinelOne who discovered the OS X malware, said: “The dropper is using more or less the same techniques as older Hacking Team RCS samples, and its code is more or less the same”.

For the average Mac user, there is no need to panic just yet. However, in the unlikely event that you are the target of surveillance by government officials or law enforcement, you might want to think twice before opening any suspicious email attachments.

In 2015, Hacking Team hit the headlines when it suffered a massive data breach that saw the release of 400GB of data.

The company had previously been accused of supplying sophisticated hacking software to governments accused of having poor human rights records.

The data leak exposed Hacking Team’s client list, which included the governments of Azerbaijan, Bahrain, Ethiopia, Morocco, Nigeria and Sudan, amongst others.

Even the Thai government was alleged to have used the services of the Hacking Team.

In response, Hacking Team has always maintained that it does not sell governments products or services that are used illegally.

Source: Ars Technica

