For a start, the existence of fresh code in the sample malware is odd in itself. As SentinelOne’s Pedro Vilaça asks, why would a third-party maintain Hacking Team’s work? Also, it’s unusually sophisticated: it uses Apple’s own encryption system, making it harder to scrutinize the malware’s contents. The only significant doubt is that Hacking Team had promised to come back with brand new code — a few modifications here and there don’t really count.

You probably don’t have much to worry about at this stage. At least some antivirus scanners already detect the malware, and there’s no obvious infection mechanism. You may have to be fooled into installing a file, or else fall victim to another exploit that brings Hacking Team’s work along for the ride. If this is the company’s work, though, it’s bad news for targets of less-than-scrupulous government surveillance.
