New malware found on 30,000 Macs has security pros stumped

Posted on 2021-02-20 by pappp

Source: Ars Technica

Article note: That is some weird high-polish shit to be running no payloads for that long. Escaped experiment? Nation-state actor testing? Someone clever and nefarious waiting for a large reach before they start dropping payloads?
Close-up photograph of Mac keyboard and toolbar.

Enlarge (credit: Jayson Photography / Getty Images)

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.

Read 10 remaining paragraphs | Comments

This entry was posted in News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *