Is your Mac infected by newly discovered malware that was ostensibly created by Milan-based HackingTeam in order to gain remote access to your machine?
The new virus uses some old HackingTeam code and some new tricks to hide its tracks, but it’s mostly harmless, according to researchers.
That doesn’t mean it’s not a good idea to get it off your system. Here’s how.
The file — which installs a copy of HackingTeam’s Remote Code Systems compromise platform — was originally reported by Pedro Vilaça, a security researcher from Sentinel One, and confirmed by Mac security expert Patrick Wardle of Synack.
When initially released, the software was unable to be found by any antivirus software out there, according to Google’s Virus Total detection service, though more than 40 different antivirus apps can find it now if it’s on your Mac. (That list includes heavy hitters like McAfee, ClamAV and Kaspersky.)
If you have one of the programs in the list above, you’re good. If you don’t, and want to check to see if you’ve gotten infected, you can check the ~/Library/Preferences/8pHbqThW/ directory. Or you can download Wardle’s own antivirus program, KnockKnock, which is fairly lightweight and easy to install and use.
Since the current virus uses old code from a high-profile hacking group, it’s a good possibility that this is a one-off issue, created by some newer team looking for some hacker fame. Whatever the case, give the directory above a look, and/or run KnockKnock (or another antivirus app that’s on the list) just to make sure.
Via: Ars Technica