posted by Fnord666 on Tuesday March 03 2020, @12:16PM   Printer-friendly
from the software-reuse-FTW dept.

Stealing advanced nations' Mac malware isn't hard. Here's how one hacker did it:

Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors'. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach that's often more effective: stealing and then repurposing a rival's code.

Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers.

"There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that's fully featured and also fully tested," Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling."

"The idea is: why not let these groups in these agencies create malware and if you're a hacker just repurpose it for your own mission?" he said.

To prove the point, Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years.

The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers. From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive data from compromised Macs, and carry out other nefarious actions written into the malware.


  • (Score: 0) by Anonymous Coward on Tuesday March 03 2020, @02:24PM (2 children)

    by Anonymous Coward on Tuesday March 03 2020, @02:24PM (#965980)

    > "There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that's fully featured and also fully tested"

    How does one get into this line of work? I'm getting bored shitless of doing underfunded, unappreciated scientific work with an endless stream of average but untalented Chinese grad students who barely speak English and probably pass everything we do back to China for personal gain...

  • (Score: 0) by Anonymous Coward on Tuesday March 03 2020, @03:26PM

    by Anonymous Coward on Tuesday March 03 2020, @03:26PM (#966004)

    Sadly, it's not very difficult and there are lots of opportunities as long as you can qualify for a security clearance.

  • (Score: 0) by Anonymous Coward on Wednesday March 04 2020, @06:57AM

    by Anonymous Coward on Wednesday March 04 2020, @06:57AM (#966392)

    > endless stream of average but untalented Chinese grad students who barely speak English and probably pass everything we do back to China for personal gain...

    Oh yes, if only education were to teach someone and then erase their brain before they could use it not for your profit...