The malware’s versatility makes it attractive for other attackers, including other governments, to repurpose.
The sophisticated malware bypasses protections built into macOS.
This form of malware works by uploading captured data to servers owned by the government that created it, and by downloading additional malware from those servers. Wardle was able to crack the encryption it used and instead point the malware at a server of his own.
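As an added illustration of the retargeting described above (constructed example code, not Wardle's tooling and not the real malware's format): a sample carries its command-and-control address in an obfuscated configuration field; once the obfuscation key is recovered, the field can be decrypted, rewritten to point at a server the analyst controls, and re-encrypted in place, leaving every other byte of the binary untouched. The repeating-key XOR scheme, the key, the `CFG1` marker, the fixed-width field and the stand-in "binary" are all assumptions made for the example.

```python
# Added illustration: retargeting an obfuscated C2 address embedded in a binary.
# Everything here is constructed for the example; the XOR scheme, key, marker
# and field layout are assumptions, not the real malware's format.

C2_KEY = bytes.fromhex("5ac31977")   # assumed: key recovered by analysis
CFG_MARKER = b"CFG1"                # assumed: marker preceding the config
C2_FIELD_LEN = 32                   # assumed: fixed-width address field


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample(c2: str) -> bytes:
    """Constructed stand-in for a binary: filler code, marker, encrypted C2 field, more filler."""
    field = c2.encode().ljust(C2_FIELD_LEN, b"\x00")
    return b"\x90" * 16 + CFG_MARKER + xor_bytes(field, C2_KEY) + b"\xcc" * 16


def config_offset(blob: bytes) -> int:
    """Locate the start of the encrypted C2 field via its marker."""
    pos = blob.find(CFG_MARKER)
    if pos < 0:
        raise ValueError("config marker not found")
    return pos + len(CFG_MARKER)


def read_c2(blob: bytes) -> str:
    """Decrypt and return the C2 address currently embedded in the sample."""
    off = config_offset(blob)
    return xor_bytes(blob[off:off + C2_FIELD_LEN], C2_KEY).rstrip(b"\x00").decode()


def retarget(blob: bytes, new_c2: str) -> bytes:
    """Return a copy of the sample whose C2 field points at new_c2; code bytes are untouched."""
    field = new_c2.encode()
    if len(field) > C2_FIELD_LEN:
        raise ValueError("new address does not fit the fixed-width field")
    off = config_offset(blob)
    enc = xor_bytes(field.ljust(C2_FIELD_LEN, b"\x00"), C2_KEY)
    return blob[:off] + enc + blob[off + C2_FIELD_LEN:]


def changed_offsets(a: bytes, b: bytes) -> list[int]:
    """Offsets where two equal-length blobs differ; confirms the patch stayed inside the field."""
    if len(a) != len(b):
        raise ValueError("blobs differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    original = build_sample("c2.example.net:443")
    hijacked = retarget(original, "analyst.example.org:8443")
    off = config_offset(original)
    print("before:", read_c2(original))
    print("after: ", read_c2(hijacked))
    print("patched bytes confined to config field:",
          all(off <= i < off + C2_FIELD_LEN for i in changed_offsets(original, hijacked)))
```

Because the code bytes are left as they were, host-based signatures that matched the original sample still match the retargeted one; only the network indicator changes, which is why a repurposed tool is hard to attribute from the binary alone.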
He said there are two reasons, beyond the risk of other hackers doing this, that governments might sometimes hijack another government’s malware instead of using their own.
This is already happening, he says. There is evidence, for example, that NSA-developed malware was used by China, North Korea, and the Russian Federation. That is something to consider when Apple is asked by the U.S. government to create a compromised version of iOS for use by U.S. law enforcement.
You can watch Wardle’s presentation below, see the slides here, and read a good description of how he pulled off the hijack in the full report from Ars Technica.
It should be noted that Wardle is discussing state-created Mac malware made possible by effectively unlimited resources; most Mac malware out there is more nuisance than danger.