welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD
print   email   Share

Malware Rarely Announces Itself But Waits In The Shadows

Cybersecurity firm, Red Canary, recently detected a malware they call Silver Sparrow that has infected about 30,000 Mac computers. At this point, security investigators have been unable to identify the purpose of the malware.

Investigators monitoring the malware say the code checks in with a control server once an hour for instructions but has yet to execute a payload. This leads experts to believe the malware is waiting for some unknown condition to be met before acting.

Another peculiar aspect of the malware is that it contains a self-destruct mechanism that is more often found in high-stealth campaigns. Also, the virus has a version that runs natively on Apple's recently released M1 chip. This has only been seen on one other malware aimed at Mac operating systems and makes it more difficult to discover.

Experts have identified this malware in 153 countries, with most infections occurring in the U.S., U.K., Canada, France, and Germany. Dan Goodin "New malware found on 30,000 Macs has security pros stumped" arstechnica.com (Feb. 20, 2021).

Commentary

Malicious software, or malware, can bring about a multitude of damaging effects on computers and network systems. The mysterious nature of this new Silver Sparrow malware only adds to the unease of security experts.

Staying informed about current threats, and malware in general, is a valuable way to protect network systems from infection. Employers can educate users by implementing weekly or monthly security updates or providing short quizzes and quick facts about system security as a “pop-up” when a user signs onto the network.

Two common misconceptions about malware are that a computer infection will be obvious. In fact, most malware is designed to run undetected for as long as possible, so rarely leaves a trail that can be identified. Also, it is not unusual for cybercriminals to exploit the vulnerabilities of a reputable website and insert malicious files that unsuspecting users could download.

Users also mistakenly assume that cybercriminals would not bother to collect general personal data, like the information they may put on social media. However, hackers find such information invaluable in creating “customized” targeted phishing emails for the purpose of social engineering.

Finally, your opinion is important to us. Please complete the opinion survey: