Researchers cannot figure out what this Mac-infecting malware actually does


Photo: Justin Sullivan / Getty Images

A new malware strain has infected Mac devices around the world, most prominently in the US and parts of Europe, although experts cannot determine where it comes from or what it does.

The malicious program, discovered by security company Red Canary and named “Silver Sparrow”, has infected 29,139 macOS endpoints in 153 countries, with the greatest infection rates in the US, UK, France, Germany, and Canada. The program is also one of only a handful of malware strains compatible with products powered by Apple’s new M1 chip.

Researchers describe “Sparrow” as a ticking time bomb: the malware does not yet seem to have a specific function. Instead, it lurks, checking in with a control server every hour to see whether there are any new commands it should run on infected devices.

“After more than a week of observing the malware, neither we nor our research partners observed a final payload, making the ultimate goal of the Silver Sparrow activity a mystery,” writes Tony Lambert of Red Canary. “We cannot know with certainty which payload is being distributed by the malware, whether a payload has already been delivered and removed, or whether the adversary has a future timeline for distribution.” It is also not entirely clear to researchers how devices are infected.

Even more troubling, “Sparrow” appears to be designed to erase itself from a computer once it delivers its payload. The program “includes a file check that ensures that all persistence mechanisms and scripts are removed” and that “removes all components from the endpoint,” Lambert said. Ars Technica writes that such capabilities are usually found in “high stealth operations”, i.e., covert intrusion campaigns.

Two different versions of the malware have been discovered. Below is a technical overview of the two versions and how they work:

[Screenshot: technical overview of the two Silver Sparrow versions. Lucas Ropek / Red Canary]

While researchers are ultimately puzzled by the reason for the malware’s existence, they said that it poses a plausible danger to infected systems.

“While we have seen that Silver Sparrow does not yet deliver additional malicious payloads, its forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a fairly serious threat, uniquely positioned to deliver a potentially impactful payload in an instant,” said Lambert.

Apple appears to have stepped in to stop the spread of the malware. The company told MacRumors that it has revoked the certificates of the developer accounts used to sign the “Sparrow”-related packages, which should prevent further Macs from being infected.

However, if you are concerned that your device may have been compromised, you can check it against the list of indicators supplied by Red Canary.
