The malware, which the company calls Silver Sparrow, does not “exhibit the behaviors we expect from the usual adware that so often targets macOS systems,” wrote Tony Lambert, an intelligence analyst at Red Canary.
It is not clear what the purpose of the malware is. Silver Sparrow includes a self-destruct mechanism that appears not to have been used, the researchers said. It is also unclear what would trigger this function.
“Although we have not yet seen Silver Sparrow delivering additional malicious payloads, its compatibility with the M1 chip, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a reasonably serious threat,” the researchers wrote.
Silver Sparrow infected Macs in 153 countries on February 17, with the highest concentrations reported in the United States, United Kingdom, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.