Free Facebook Service Can Hunt Down Hacking Team Malware On Apple Macs

Hacking Team malware, if the leaks are anything to go by, is sitting on machines across the planet. It might even be delivered from drones, according to emails from the Italian firm, which was hacked earlier this month and 415GB of its internal data leaked.

For the average business, however, anti-virus or more sophisticated malware-blocking tech won’t be enough to keep government-grade malware like that created by Hacking Team out. But there are other services on offer and one of them is free.

Facebook announced today it was pushing out some “query packs” on its code page that would enable IT folk to quickly look for signs of Hacking Team infection. These query packs form part of Facebook’s “osquery”, a free and open source framework that can be used to gather network data and quickly ask questions to uncover potential security threats. It’s part of the social network’s own security defences and was updated recently to protect against some critical Apple Mac and iPhone vulnerabilities.

Whilst query packs can be created to bunch specific, commonly-used sets of questions for datasets, Facebook has released a handful of its own, including ones related specifically to Apple Mac OS X machines. “The OS X-attacks pack has queries which identify known variants of malware, ranging from advanced persistent threats (APT) to adware and spyware. If a query in this pack produces results, a host in your Mac fleet is compromised with malware. This pack is high signal and should result in near-zero false positives,” said Javier Marcos, security engineer at Facebook, in a blog post, before noting that the query pack includes commands that seek out signs of Hacking Team infiltration.

Facebook told FORBES it hadn’t put together other query packs for other operating systems but noted that users can simply create their own queries to identify other “indicators of compromise”, such as slow performance or daemon processes.

There’s also a vulnerability management pack that promises to help IT “collect and quickly identify outdated and vulnerable software”. “Whether you’re interested or responsible for the operating system, browsers, browser plugins, particular applications, or packages, you can audit for vulnerable hosts and validate whether an upgrade was successful,” Marcos added.
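To show how the two kinds of pack described above actually work, here is an added example that is not code from the article, from Facebook or from the osquery project. It assumes osquery’s pack layout (a JSON document with a “platform” key and a “queries” map of named SQL queries with an interval and description) and two of osquery’s table names, launchd and apps, reduced to a few columns; every query, launchd label, application name and version in it is a constructed placeholder, not an indicator from the real OS X attacks pack. Because osquery exposes host state as SQL tables, the pack’s queries are run here against an in-memory SQLite snapshot of a clean host and of a host carrying the placeholder persistence entry and an outdated application, and, as the article notes for high-signal packs, any returned row counts as a finding.

```python
import json
import sqlite3

# Constructed query pack in osquery's pack format (assumption). Every
# query, label and version here is a placeholder, not a real indicator.
EXAMPLE_PACK = json.dumps({
    "platform": "darwin",
    "queries": {
        "placeholder_launchd_persistence": {
            "query": (
                "SELECT path, label, program FROM launchd "
                "WHERE label = 'com.example.placeholder-implant';"
            ),
            "interval": 3600,
            "description": "Placeholder persistence indicator; any row is a hit.",
        },
        "placeholder_outdated_browser": {
            "query": (
                "SELECT name, bundle_short_version FROM apps "
                "WHERE name = 'ExampleBrowser.app' "
                "AND CAST(bundle_short_version AS INTEGER) < 44;"
            ),
            "interval": 86400,
            "description": "Vulnerability-management style check; any row means an upgrade is due.",
        },
    },
})

# Constructed host snapshots. Column names follow osquery's launchd and
# apps tables, reduced to the columns the pack queries need.
CLEAN_HOST = {
    "launchd": [
        ("/Library/LaunchDaemons/com.apple.example.plist", "com.apple.example", "/usr/bin/true"),
    ],
    "apps": [("ExampleBrowser.app", "44.0.2")],
}
INFECTED_HOST = {
    "launchd": [
        ("/Library/LaunchDaemons/com.apple.example.plist", "com.apple.example", "/usr/bin/true"),
        ("/Library/LaunchAgents/com.example.placeholder-implant.plist",
         "com.example.placeholder-implant", "/Users/Shared/.hidden/agent"),
    ],
    "apps": [("ExampleBrowser.app", "43.0.1")],
}


def load_host(snapshot):
    """Load a snapshot into an in-memory SQLite database so the pack's SQL
    can run against it the way osquery runs SQL over its virtual tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE launchd (path TEXT, label TEXT, program TEXT)")
    db.execute("CREATE TABLE apps (name TEXT, bundle_short_version TEXT)")
    db.executemany("INSERT INTO launchd VALUES (?, ?, ?)", snapshot["launchd"])
    db.executemany("INSERT INTO apps VALUES (?, ?)", snapshot["apps"])
    return db


def run_pack(pack_json, snapshot):
    """Run every query in the pack against one host; return {query_name: rows}."""
    pack = json.loads(pack_json)
    db = load_host(snapshot)
    results = {}
    for name, spec in pack["queries"].items():
        results[name] = db.execute(spec["query"]).fetchall()
    db.close()
    return results


def hits(results):
    """High-signal packs are written so that any row is a finding:
    return the names of the queries that produced at least one row."""
    return sorted(name for name, rows in results.items() if rows)


if __name__ == "__main__":
    for host_name, host in (("clean", CLEAN_HOST), ("infected", INFECTED_HOST)):
        findings = hits(run_pack(EXAMPLE_PACK, host))
        print(f"{host_name}: {', '.join(findings) if findings else 'no findings'}")
```

The version check uses SQLite’s CAST to compare only the major version, which is enough for the constructed data; a real vulnerability pack would need a proper version comparison for minor and patch levels. The point of the design is that a pack is just data: new indicators are added by appending a query, and a scheduled run that returns rows is the alert.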

Hacking Team has capabilities across operating systems far beyond Apple’s Mac OS X, including Microsoft Windows and Linux, as well as the mobile platforms Android and iOS. The emails show it has had mixed success with different systems, with iOS proving tricky, often requiring the device to be jailbroken, where Apple’s controls over the iPhone are removed by exploiting the device.

One email outlining future plans, dated 1 July 2015, includes updates for Hacking Team’s Galileo surveillance tool so that it could infect Windows 10 clients, and do more on Macs, including the capture of a token for iCloud, so snoops could sneak into targets’ accounts.

“The capabilities are more or less similar to that of windows with just some features missing,” noted a former Hacking Team Android developer, and founder of defensive firm ReaQta.

Perhaps most concerning of all Hacking Team’s malware is one that can infect the heart of the computer, the BIOS, which loads before the operating system, giving it incredible stealth. Though now Intel and other chip makers have been gifted insight into the workings of police-grade BIOS “rootkits”, the defenders of the world might have some time to man the digital barricades.