
Stealing Advanced Nations' Mac Malware Isn't Hard. Here's How One Hacker Did It (arstechnica.com)

Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors'. At the RSA Security conference last week, a former hacker for the National Security Agency demonstrated an approach that's often more effective: stealing and then repurposing a rival's code. From a report: Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers. "There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that's fully featured and also fully tested," Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling." "The idea is: why not let these groups in these agencies create malware and if you're a hacker just repurpose it for your own mission?" he said.

To prove the point, Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years. The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers. From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive data from compromised Macs, and carry out other nefarious actions written into the malware.
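The summary's point for defenders is that a repurposed sample keeps almost all of the original author's code while swapping only the network indicators, so code-similarity alone points back at the original developer and infrastructure indicators point elsewhere. The following is an added illustration of that gap, not code from the article or from Wardle; the two byte blobs are constructed stand-ins for a compiled sample and its repurposed variant, and the URL hostnames are invented placeholders.

```python
import re
from difflib import SequenceMatcher
from typing import Dict, List

# Constructed stand-in for a compiled sample: filler "code" bytes around an
# embedded command-and-control URL. Real samples are Mach-O binaries; this
# layout is invented purely for illustration.
ORIGINAL_SAMPLE = (
    b"\xcf\xfa\xed\xfe" + b"\x90" * 40
    + b"https://c2.original-operator.example/beacon\x00"
    + b"\x55\x48\x89\xe5" * 10
)

# Constructed "repurposed" variant: byte-for-byte identical except the C2 host.
REPURPOSED_SAMPLE = ORIGINAL_SAMPLE.replace(
    b"https://c2.original-operator.example/beacon",
    b"https://c2.third-party-reuser.example/beacon",
)

# Crude strings(1)-style scan for URL-shaped data embedded in a binary.
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[^\x00\s]*)?")


def extract_urls(blob: bytes) -> List[str]:
    """Return every URL-shaped string found in the blob, in file order."""
    return [m.group(0).decode("ascii", "replace") for m in URL_RE.finditer(blob)]


def byte_similarity(a: bytes, b: bytes) -> float:
    """Ratio in [0, 1] of how much raw content two samples share."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def compare_samples(a: bytes, b: bytes) -> Dict[str, object]:
    """Summarise code-level similarity against the network indicators that differ.

    A high similarity with disjoint URL sets is the signature of a sample whose
    code was kept and whose infrastructure was swapped, which is exactly the case
    where attribution by code overlap misleads.
    """
    urls_a, urls_b = set(extract_urls(a)), set(extract_urls(b))
    return {
        "similarity": round(byte_similarity(a, b), 3),
        "shared_urls": sorted(urls_a & urls_b),
        "only_in_a": sorted(urls_a - urls_b),
        "only_in_b": sorted(urls_b - urls_a),
    }


if __name__ == "__main__":
    report = compare_samples(ORIGINAL_SAMPLE, REPURPOSED_SAMPLE)
    print(f"code similarity: {report['similarity']}")
    print(f"C2 only in original: {report['only_in_a']}")
    print(f"C2 only in variant:  {report['only_in_b']}")
```

On the constructed input the similarity ratio stays well above 0.85 while the URL sets are disjoint, which is the pattern a triage analyst should treat as "known code, unknown operator" rather than as evidence for the original author. On real binaries the same idea is usually applied with a fuzzy hash (ssdeep, TLSH) and a proper strings or disassembly pass instead of a raw byte ratio.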

  • by BringsApples ( 3418089 ) on Monday March 02, 2020 @10:45AM (#59787586)

    “With a single modification to the binary, (and building a light-weight C&C server), we now have access to an advanced nation-state loader that will perform to our bidding ...without having to write any (client-side) code!” Wardle wrote in a message following his talk. “This is way easier than writing it from scratch :) Also, if this repurposed variant is ever detected, it will likely be misattributed back to the North Koreans.”

    Makes you wonder, doesn't it?

    • by barius ( 1224526 )
      I don't know why he would suggest that your hacked version of the malware would be misattributed seeing as forensics would immediately figure out the malware was hacked to do something the "open" version was not created to do. By modifying the malware, you've put your fingerprints all over it. Regardless, this is all so dumb. When did being a script-kiddie become something you announced as though it made you cool? Anyone can take malware created by someone else and repurpose it to their own ends while h
      • Malware/viri are developed to beat a system that detects a fingerprint. This means that the code for each iteration of a virus or malware is always slightly different. So, in the end, the mechanism that allows the malware to slide through the antivirus software is the same mechanism that will make it likely (he said "likely" and not "always") misattributed.

  • Almost makes one want to unplug doesn't it? The internet is turning into a war/greedzone with everyone and their dog out to get each other and you.

    • Almost makes one want to unplug doesn't it? The internet is turning into a war/greedzone with everyone and their dog out to get each other and you.

      We humans managed to take this host planet and carve it up into countries. What's yours is yours, and what's mine is mine. Or at least until I decide what's yours is mine too. And then we go to war. Later, rinse, and repeat for oh I dunno, the last few thousand years.

      At some point, we humans gave birth to this virtual world. But it's still a world built and represented by, humans. With regards to all that "war/greedzone" shit, what the fuck did you expect would happen?

      Even Nostradamus' dog could hav

      • Yup - I love how people want to send *people* to Mars, and expect some sort of different outcome.

        • by hey! ( 33014 )

          One of the themes that emerges from Asimov's robot stories is that robots are actually better people than people are. They have a code (well, *code* I guess) that they don't violate; hypocrisy is literally impossible for them.

          This is not entirely science fiction. There's a saying in Washington politics: if you want a friend in this town, get a dog. Arguably humans have spent 20,000 years of selective breeding to transform the wolf into a companion that can reliably give you what you want from other people,

      • by lgw ( 121541 )

        The people who have power are the sorts of people who want power. Not much can be done about that, really, beyond trying to limit how much power we give those guys just on general principles.

    • Humans can turn anything into a warzone. Including Association Football.
  • by ArhcAngel ( 247594 ) on Monday March 02, 2020 @11:03AM (#59787688)
    Who was it that said

    Good artist copy, great artist steal

    ?

  • ...skript kiddies.

    • No, they just discovered that any Malware once it is out there can be stolen, reverse engineered and appropriated by anyone.

      Any sort of attribution along the lines of "we know this was done by NK, China, Moscow, Iran, whatever", because they used malware which was previously used by Fancy Moron, Fancy Bear, Fancy W*nker, etc group has absolutely zero value.

      In fact it is deliberately misleading and any "researcher" trying to attribute something to CIA, KGB, GRU, Mossad etc on the grounds of "they are usi

  • Not hard?! by risc8088 ( 876186 ) on Monday March 02, 2020 @12:30PM (#59788086)

    Haha, it's totally not hard, people, this guy did it:
    https://www.linkedin.com/in/pa... [linkedin.com]

    Here's the easy to follow steps!

    1. Graduate from Johns Hopkins with 2 masters degrees in computer science and security
    2. Work for NASA, NSA and a half dozen other top tech companies as a Director of research, Chief Security Officer, etc.
    3. Obtain and reverse engineer advanced mac malware using the latest sophisticated technology and techniques.
    4. Profit!

    This 'hacker' did it and so can you!

  • I thought part of the secret sauce with Apple products was no malware. I guess I woke up in a different decade.

  • Malware wants to be free! Just don't click Agree to the EULA.
  • I don't understand why this is some grand piece of advice... I mean the hacker world has been doing this for a good 2-3 decades... since sneakernet?

    That's why they are called "Scriptkiddies". You take other people's effective code and alter it a tiny bit to have it do what you need. Sometimes simply edit the header files. Same with DRM hacking, the game hacks aren't reinvented over and over again; the same base hack is retooled against a new game.

    Hackers "outdo" each other because of the challenge. We c
