Malware Rarely Announces Itself But Waits In The Shadows

Cybersecurity firm Red Canary recently detected malware it calls Silver Sparrow, which has infected about 30,000 Mac computers. At this point, security investigators have been unable to identify the purpose of the malware.

Investigators monitoring the malware say the code checks in with a control server once an hour for instructions but has yet to execute a payload. This leads experts to believe the malware is waiting for some unknown condition to be met before acting.

Another peculiar aspect of the malware is that it contains a self-destruct mechanism of a kind more often found in high-stealth campaigns. The malware also has a version that runs natively on Apple's recently released M1 chip. This has only been seen in one other piece of malware aimed at Mac operating systems, and it makes the malware more difficult to discover.

Experts have identified this malware in 153 countries, with most infections occurring in the U.S., U.K., Canada, France, and Germany. Dan Goodin, "New malware found on 30,000 Macs has security pros stumped," arstechnica.com (Feb. 20, 2021).

Commentary

Malicious software, or malware, can bring about a multitude of damaging effects on computers and network systems. The mysterious nature of this new Silver Sparrow malware only adds to the unease of security experts.

Staying informed about current threats, and malware in general, is a valuable way to protect network systems from infection. Employers can educate users by implementing weekly or monthly security updates or providing short quizzes and quick facts about system security as a “pop-up” when a user signs onto the network.

There are two common misconceptions about malware. The first is that a computer infection will be obvious. In fact, most malware is designed to run undetected for as long as possible, so it rarely leaves a trail that can be identified. Also, it is not unusual for cybercriminals to exploit the vulnerabilities of a reputable website and insert malicious files that unsuspecting users could download.

Users also mistakenly assume that cybercriminals would not bother to collect general personal data, like the information they may put on social media. However, hackers find such information invaluable in creating “customized” targeted phishing emails for the purpose of social engineering.
