Find out if you’ve been infected by sneaky new Mac malware

Have you been infected?
Photo: Marcin Nowak/Unsplash

Is your Mac infected by newly discovered malware that was ostensibly created by Milan-based HackingTeam in order to gain remote access to your machine?

The new virus uses some old HackingTeam code and some new tricks to hide its tracks, but it’s mostly harmless, according to researchers.

That doesn’t mean it’s not a good idea to get it off your system. Here’s how.

The file — which installs a copy of HackingTeam’s Remote Code Systems compromise platform — was originally reported by Pedro Vilaça, a security researcher from Sentinel One, and confirmed by Mac security expert Patrick Wardle of Synack.

When it first appeared, no antivirus engine flagged the file, according to Google’s VirusTotal detection service, though more than 40 different antivirus products now detect it if it is present on your Mac. (That list includes heavy hitters like McAfee, ClamAV and Kaspersky.)

If you run one of the products on that list, you’re covered. If you don’t, and want to check whether you’ve been infected, look for the ~/Library/Preferences/8pHbqThW/ directory: its presence is the indicator. Or you can download Wardle’s own antivirus program, KnockKnock, which is fairly lightweight and easy to install and use.

Since the current virus uses old code from a high-profile hacking group, it’s a good possibility that this is a one-off issue, created by some newer team looking for some hacker fame. Whatever the case, give the directory above a look, and/or run KnockKnock (or another antivirus app that’s on the list) just to make sure.
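As an added example (not from the article or from any of the researchers it names), this small triage script performs the check described above for every home directory it can read, and records what the indicator directory holds before anything is removed, so the evidence can go into an incident note. The only page-specific value it uses is the ~/Library/Preferences/8pHbqThW/ path; scanning all of /Users is an assumption about the macOS layout and needs root to read other users’ homes.

```shell
#!/bin/sh
# Triage check for the directory the article names as the indicator of this
# HackingTeam-derived Mac malware. Reports per home directory, lists contents
# with sizes and modification times, and counts the hits.

INDICATOR_REL="Library/Preferences/8pHbqThW"   # path from the article, relative to a home dir

# check_home HOME_DIR -> status 0 if the indicator directory exists, 1 if not.
check_home() {
    dir="$1/$INDICATOR_REL"
    if [ -d "$dir" ]; then
        printf 'INDICATOR PRESENT: %s\n' "$dir"
        # Long listing (dotfiles included) gives sizes and modification times,
        # which help establish when the machine was first affected.
        ls -la "$dir"
        return 0
    fi
    printf 'not found: %s\n' "$dir"
    return 1
}

# scan_homes [HOME_DIR ...] -> sets HITS to the number of homes with the indicator.
# With no arguments it checks the current user's home and every home under
# /Users (assumed macOS layout); duplicates are checked once.
scan_homes() {
    HITS=0
    seen=""
    if [ "$#" -eq 0 ]; then
        set -- "$HOME" /Users/*
    fi
    for h in "$@"; do
        [ -d "$h" ] || continue          # skips an unexpanded /Users/* on non-Mac hosts
        case " $seen " in *" $h "*) continue ;; esac
        seen="$seen $h"
        if check_home "$h"; then
            HITS=$((HITS + 1))
        fi
    done
    printf 'homes with the indicator: %s\n' "$HITS"
}

scan_homes
```

Run it as the affected user first; repeat with sudo to cover other accounts on a shared Mac.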

Via: Ars Technica



  • matt

    so all infected machines have a folder "~/Library/Preferences/8pHbqThW/"?? or is that a random folder

  • DCJ001

    “Only about a fifth of the anti-virus installers out there for the Mac are able to”

    Rob. Where is the rest of this article? Or is this one that you are leaving unfinished?

  • Amir Sadeh

    You got the detection the wrong way round. Green tick on VirusTotal means nothing detected, so there are 15 products not 40 which detect it. The ones you mention actually all fail to detect it.

  • Titus213

    And what, exactly, do I check that directory for? Not a very helpful article.