Stealing advanced nations’ Mac malware isn’t hard. Here’s how one hacker did it
Former NSA hacker repackages in-the-wild Mac malware for his own use. …
reader comments
31 with 28 posters participating
SAN FRANCISCO—Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors’. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach that’s often more effective: stealing and then repurposing a rival’s code.
Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers.
“There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that’s fully featured and also fully tested,” Wardle said during a talk titled “Repurposed Malware: A Dark Side of Recycling.”
“The idea is: why not let these groups in these agencies create malware and if you’re a hacker just repurpose it for your own mission?” he said.
Hijacking the hijackers
To prove the point, Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years.
The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers. From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive
Continue reading – Article source