About 40,000 Macs infected with a mysterious malware, researchers say

The malware, called Silver Sparrow, has not yet performed any malicious activity.

According to cybersecurity company Red Canary, which first detected the threat, a mysterious piece of malware that has not yet engaged in malicious activity has infected nearly 40,000 Mac devices.

The malware, referred to by Red Canary as “Silver Sparrow,” puzzles researchers because its motives remain unclear.

“Most malware has an end goal,” Brian Donohue, a Red Canary intelligence analyst, told ABC News by email. “It could be stealing confidential information, damaging devices or servers, or blocking access to data. In that case, we don’t really know what that ultimate goal is, because we haven’t observed Silver Sparrow engaging in malicious activity.”

Donohue noted, however, that most malware operations consist of several supporting stages that occur before any malicious activity is performed, such as gaining initial access or moving laterally between devices on a network.

“In the case of Silver Sparrow, although we have not observed the final payload, we have seen other parts of the malware operation,” he added. “For example, we observed it using built-in macOS features to install on victim machines and to maintain persistence across reboots.”

Donohue said a member of the Red Canary cyber incident response team first detected the malware, which includes code that runs natively on Apple’s new M1 chip, based on suspicious behavior on a customer’s device. Its origins have not been identified.

“As of today, we can confirm that the threat has infected about 40,000 macOS devices,” he told ABC News, citing published data from the antivirus company Malwarebytes, though he said that figure is probably an “underestimation of the full scope of the threat.”

He added that the malware has been described as mysterious for two reasons. The first is that it has no definitive payload, so investigators cannot determine the purpose of the threat.

“The second refers to a file that, if present on an infected machine, causes Silver Sparrow to uninstall,” Donohue said. “We don’t know why this file is present on certain systems or why its presence causes Silver Sparrow to uninstall.”

While Silver Sparrow does not currently deliver a malicious payload, Donohue said they are “concerned that it may be upgraded to deliver one immediately.”

“Added to this is the fact that it has a presence on about 40,000 machines and all the infrastructure needed to sustain a more worrying threat,” he said.

Apple told ABC News that it had revoked the certificates of the developer accounts used to sign the packages, preventing new machines from becoming infected once the malware was discovered.

Apple pointed to its protection and security mechanisms and said its App Store is the safest place to get Mac software. In addition, Apple said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware in software downloaded from outside the Mac App Store.

The company also noted, as the researchers made clear, that there is no evidence to suggest the new malware has delivered a malicious payload.
