The malware, called Silver Sparrow, has not yet engaged in any malicious activity.
Mysterious malware – not yet engaged in malicious activity – has infected nearly 40,000 Mac devices, according to cybersecurity firm Red Canary, which first discovered the threat.
The malware, described by Red Canary as “Silver Sparrow”, baffles researchers for its elusive motives.
“Most malware has an ultimate purpose,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News via email. “It could be stealing sensitive information, harming devices or servers, or blocking access to data. In this case, we don’t really know what that ultimate goal is because we haven’t seen Silver Sparrow’s malicious activity unfold.”
However, Donohue noted that most malware operations consist of multiple support functions that occur before malicious activity, such as gaining initial access or moving between devices on a network.
“In the case of Silver Sparrow, while we did not observe the final payload, we saw other parts of the malware operation,” he added. “For example, we’ve observed that it uses macOS built-in features to install itself on victims’ computers and maintain persistence during reboots.”
Donohue said a member of Red Canary’s cyber incident team first discovered the malware – which contains code running on Apple’s new M1 chip – based on suspicious behavior on a customer’s device. They have not identified its origin.
“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing published data from antivirus company Malwarebytes, although he said this is likely an “underestimate of the overall scale of the threat.”
He added that the malware has been called mysterious for two reasons. The first is the lack of an ultimate payload, which leaves researchers unable to determine the target of the threat.
“The second involves a file that, if present on an infected machine, causes Silver Sparrow to uninstall itself,” said Donohue. “We don’t know why this file is present on certain systems or why Silver Sparrow removes itself because of its presence.”
While Silver Sparrow does not currently deliver a malicious payload, Donohue said they are “concerned that it could be updated to deliver one in the blink of an eye.”
“This is compounded by the fact that it is present on nearly 40,000 machines and all the infrastructure needed to support a more troubling threat,” he said.
Apple told ABC News that it revoked the certificates of the developer accounts used to sign the packages to prevent new machines from being infected after it discovered the malware.
Apple pointed to its security mechanisms and said the App Store is the safest place to get software for Macs. In addition, Apple said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware in software downloaded outside the Mac App Store.
The company also noted, as made clear by the researchers, that there is no evidence that the new malware has delivered any malicious payload.