Puzzling Silver Sparrow Malware on 30,000 Macs


It was reported on Saturday that a puzzling piece of malware had been discovered on 30,000 Macs in 153 countries. Security researchers at the firm Red Canary have named it Silver Sparrow. It had previously gone undetected, and the experts are still trying to understand its purpose.

Every infected Mac checks in with a control server once an hour for commands, which the malware then executes. The researchers also found a self-destruct capability that can remove the malware from the Mac entirely. This is a high-stealth operation, however, and that mechanism has never been observed being activated.
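The hourly check-in described above is the kind of behaviour a defender can hunt for in outbound-connection logs, independent of any specific domain or file hash. The following Python script is an added example, not code from the article or from Red Canary: it groups connections by source host and destination, measures the gaps between them, and flags pairs whose gaps cluster tightly around a fixed period (3600 seconds by default). The log lines, host names and domains are constructed for the example and are not Silver Sparrow indicators.

```python
"""Flag host/destination pairs that connect at a near-constant interval (beaconing)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines (hypothetical hosts and domains, not real Silver Sparrow telemetry).
# Format per line: ISO-8601 UTC timestamp, source host, destination name.
SAMPLE_LOG = """\
2021-02-19T08:00:02Z mac-01 updates.example-cdn.test
2021-02-19T08:14:10Z mac-01 www.example.test
2021-02-19T09:00:05Z mac-01 updates.example-cdn.test
2021-02-19T09:31:44Z mac-01 www.example.test
2021-02-19T10:00:01Z mac-01 updates.example-cdn.test
2021-02-19T11:00:04Z mac-01 updates.example-cdn.test
2021-02-19T12:00:03Z mac-01 updates.example-cdn.test
2021-02-19T08:05:00Z mac-02 www.example.test
2021-02-19T12:47:00Z mac-02 www.example.test
"""


def parse_log(text):
    """Parse 'timestamp host destination' lines into (datetime, host, destination) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crashing on them
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        records.append((ts, parts[1], parts[2]))
    return records


def find_beacons(records, period=3600, tolerance=0.05, max_jitter=0.1, min_hits=4):
    """Return (host, destination, hits, mean_interval) for pairs that recur every ~`period` seconds.

    tolerance:  how far the mean gap may sit from `period`, as a fraction of `period`.
    max_jitter: maximum std-dev / mean of the gaps; a scripted check-in is far more
                regular than human browsing, so a low ratio is the tell.
    min_hits:   minimum number of connections before a pair is scored at all.
    """
    by_pair = defaultdict(list)
    for ts, host, dest in records:
        by_pair[(host, dest)].append(ts)

    findings = []
    for (host, dest), stamps in sorted(by_pair.items()):
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if abs(avg - period) > tolerance * period:
            continue  # regular, but not at the period we are hunting for
        if pstdev(gaps) / avg > max_jitter:
            continue  # too irregular to be a timer-driven check-in
        findings.append((host, dest, len(stamps), avg))
    return findings


if __name__ == "__main__":
    for host, dest, hits, avg in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{host} -> {dest}: {hits} connections, mean interval {avg:.0f}s")
```

On the constructed input only `mac-01 -> updates.example-cdn.test` is reported; the browsing-style connections are too few and too irregular. Legitimate software updaters and cron jobs also beacon on the hour, so treat a hit as a hunting lead to pivot on (process, binary signature, destination reputation), not as a verdict, and widen `max_jitter` if you expect the implant to randomise its sleep.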

This version of the malware runs only on the new M1 chip, which Apple unveiled in November 2020. It is the second piece of macOS malware known to target the M1. The malicious binary makes use of the macOS Installer JavaScript API.

It also uses Amazon Web Services and the Akamai content delivery network, which makes blocking its servers more difficult.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” the Red Canary blog, published Friday, said. “Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”

Silver Sparrow Preventative Measures

Apple says that it has taken preventative steps to stop the spread of the puzzling malware. The company revoked the certificates of the developer accounts involved to prevent any additional infections.