Posted by: David Harley | March 1, 2016

HackingTeam Rehacking?

A tip of the hat to Randy Knobloch for drawing my attention to an article in Ars Technica: Largely undetected Mac malware suggests disgraced HackingTeam has returned. Which led me to a fascinating analysis by Patrick Wardle – HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer – and Pedro Vilaça: The Italian morons are back! What are they up to this time?

There are several interesting features here, including speculation about the apparent return of HackingTeam (or at least its code), and the use of OS X native encryption to attempt to protect malicious binaries, further protected by a custom wrapper.

I look forward to further developments in the story.

David Harley
