Researchers can’t figure out what this malware that infects Macs really does


Photograph: Justin Sullivan (Getty Images)

A new strain of malware has infected Mac devices worldwide – mainly in the United States and parts of Europe – although experts cannot determine where it came from or what it does.

The malicious program, discovered by security company Red Canary and nicknamed “Silver Sparrow”, infected 29,139 macOS endpoints in 153 countries, with the highest infection rates in the USA, UK, France, Germany, and Canada. The program is also one of only a handful of malware strains that are compatible with Apple’s new M1 chip.

The researchers describe “Sparrow” as a time bomb: the malware does not appear to have any specific function yet. Instead, it waits, checking in hourly with a command-and-control server to see if there are any new commands that should be run on infected devices.

“After watching the malware for more than a week, neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow’s activity a mystery,” writes Tony Lambert of Red Canary. “We have no way of knowing with certainty what payload would be distributed by the malware, whether a payload has already been delivered and removed or if the adversary has a future schedule for distribution.” It is also not entirely clear to researchers how devices have been infected.

Even more worrisome, “Sparrow” seems designed to erase itself from a computer once it has delivered its payload. The program “includes a file check that causes the removal of all persistence mechanisms and scripts” that “removes all of its components from the endpoint,” said Lambert. Ars Technica noted that such capabilities are normally found in “highly stealthy operations”, that is, surreptitious intrusion campaigns.

Two different versions of the malware have been discovered. Red Canary’s technical analysis of the two versions and how they work is shown in the screenshot below:


Screenshot: Lucas Ropek / Red Canary

Although researchers are baffled as to why the malware exists, they said it represents a real danger to infected systems.

“While we haven’t seen Silver Sparrow deliver additional malicious payloads yet, its prospective M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver an impactful potential payload at any time,” said Lambert.

Apple appears to have intervened to prevent the spread of the malware. The company told MacRumors that it had revoked the developer certificates used to sign “Sparrow”-related packages, which should prevent additional Macs from becoming infected.

Still, if you are concerned that your device may be compromised, you can check it against the list of indicators of compromise published by Red Canary.
