The lack of a final payload suggests that the malware may spring into action once an unknown condition is met. Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations.
So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute.
A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.