Posted by: David Harley | March 1, 2016

HackingTeam Rehacking?

A tip of the hat to Randy Knobloch for drawing my attention to an article in Ars Technica: "Largely undetected Mac malware suggests disgraced HackingTeam has returned". Which led me to a fascinating analysis by Patrick Wardle – "HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer" – and Pedro Vilaça: "The Italian morons are back! What are they up to this time?"

There are several interesting features here, including speculation about the apparent return of HackingTeam (or at least its code), and the use of OS X native encryption to attempt to protect malicious binaries, further protected by a custom wrapper.

I look forward to further developments in the story.

David Harley

