The malware, which the company calls Silver Sparrow, “does not exhibit the behavior that we are used to from the usual adware targeting macOS systems so often,” wrote Tony Lambert, an intelligence analyst at Red Canary.
It is not clear what the purpose of the malware is. Silver Sparrow contains a self-destruct mechanism that doesn’t appear to have been used, researchers said. It’s also unclear what would trigger that feature.
“While we have seen that Silver Sparrow does not yet deliver additional harmful payloads, its forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a fairly serious threat,” the researchers wrote.
Silver Sparrow infected Macs in 153 countries as of Feb. 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.