Security researchers have discovered a sleeper malware on over 30,000 Apple Macs. While the threat is reported to be currently idle, evidence suggests that it may spring into action anytime.
The malware, called “Silver Sparrow,” comes with a self-destruct mechanism, a feature usually reserved only for high-stealth operations. There is no evidence that the feature is used yet. Still, researchers question the intentions behind its inclusion.
The mysterious malware also surprises researchers with a lack of final payload, meaning that researchers are yet to discover Silver Sparrow’s ultimate goal.
Another version of the malware was detected to target Intel’s x86_64 processors, which are still used in some Apple laptops.
It is noteworthy to mention that security experts have earlier warned that Apple’s transition from Intel’s chips to their own chips would open doors for hackers to introduce malware.
Silver Sparrow has been detected in 153 countries, with major clusters found in the US, the UK, Canada, France, and Germany.
While the malware’s infrastructure is hosted on the Amazon Web Services S3 cloud platform, callback domains are leveraging Akamai’s content delivery network (CDN).
“[T]his hosting choice allows them to blend in with the normal overhead of cloud infrastructure traffic,” researchers at Red Canary say, explaining that most organizations cannot afford to block access to resources in AWS and Akamai.