- A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.
- Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute.
- Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.
- The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder.
- Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.
– Dan Goodin | February 20, 2021