Malware Indicates the Return of Hacking Team

Hacking Team already come under the radar once it got exposed of its spyware-selling methods by an enormous leak, however the company may be recovering. Security researchers have seen that a version from Remote Code Systems tool of Hacking Team was installed by the latest Mac malware in around October, or 3 months after the outfit was openly torn apart.

There is a probability that few leaked source code are simply acquired and amended by third-party group, but there are no signs which suggest that the work was done by amateurs. The breach compels the company to declare an emergency mode, forcing its customers to close their systems.

To begin with, the existence of new code in the sample malware is itself odd. Pedro Vilaca of SentinelOne asks to find out why should a third-party maintain work of Hacking Team. It is also strangely sophisticated: it uses encryption system of Apple making it difficult to examine the content of the malware. The Hacking Team had assured that they will return with a complete new code is the only important doubt, as little changes in some portions do not actually count as engadget.com posted on February 29th, 2016.

After six months, security researchers get the first actual proof of the company being alive, and doing well and making new spyware. According to security researchers, tools of Hacking Team are still as mediocre as they were before.

Hacking Team seems to have created a sample malware that was uploaded on internet, which has been identified by security researchers. According to security researchers, this sample might be a new version of old Mac malware of Hacking Team. As per them, this sample is mainly made of the code similar to the old Hacking Team malware for Mac OS X with new components which make it keep undetected.

Based on the analysis, Vilaca becomes doubtful about claims of Hacking Team. Had they actually been working on fresh code; that too have been leaked.

After few months of the hack, this new sample is dated October 2015. It may be possible that after the breach, when antivirus companies upgraded their systems to identify its malware, Hacking Team first make its products undetectable again without applying new code.

» SPAMfighter News - 3/4/2016