Yesterday, we reported on a piece of malicious software called "Silver Sparrow" that has been found on nearly 30,000 Macs around the world, causing a big stir in the security industry. At present, researchers are still trying to understand its exact function and the purpose of its self-destruct function.
Behavior analysis shows that every hour, an infected Mac checks a control server to see if there are new commands or binaries that the malware should run. However, so far, researchers have not observed any payloads delivered to the 30,000 infected machines, which leaves the ultimate goal of the malware unclear. The lack of a final payload indicates that the malware may start to act once unknown conditions are met.
Curiously, the malware also has a mechanism to completely remove itself, a capability that is usually reserved for highly covert operations. However, so far, there is no sign that the self-destruct function has been used, which raises the question of why such a mechanism exists.
The malware has been detected in 153 countries, with detections concentrated in the United States, the United Kingdom, Canada, France and Germany. Its use of Amazon Web Services and the Akamai content distribution network ensures the reliable operation of the command infrastructure and makes the servers more difficult to block.