It appears that disgraced commercial hackers HackingTeam is active once again. A malware sample uploaded to Google’s VirusTotal service has revealed source code that indicates a return from the malware-as-a-service business; although it looks like they are relying on some old tricks.
The malware sample has been revealed to be a copy of HackingTeam’s Remote Code Systems platform with a few alterations. Experts cracked the malware rather quickly due to the fact that the source code for the platform was leaked back in July 2015 – along with just about every other piece of documentation owned by HackingTeam.
That being said, experts cannot be 100-percent sure that the malware originates from HackingTeam. The leaked source code allows just about anyone to recompile their own version of the RCS, and the changes could have been implemented by a hacker looking to piggyback off someone else’s work.
However, it looks like the command and control server for the new malware has been active as recently as January 2016; which is evidence that someone is still using the malware. If it is HackingTeam, then it is likely that the group has been too eager to get its products back on the market. The hackers had vowed to return with different methods after their prized exploits and 0-days were exposed to the world; although it looks like they are simply trying their old tricks again.
If HackingTeam is really back, it could mean that its former customers could be back up to their old tricks. For anyone not keeping score, this includes many oppressive regimes that have used the malware to spy on their citizens.