Speaking to the assembled throngs at the RSA Security conference last week, Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed off how he used old Mac malware to steal and then repurpose a rival's code.
While the Tame Apple Press were telling the world that there was no malware for Macs, world governments were designing fully featured and tested malware for the Mac.
This was good code and can be repurposed for a new mission, Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling."
Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years. The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers.
From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive data from compromised Macs, and carry out other nefarious actions written into the malware.