Researchers can’t figure out what this malware that infects Mac really does

[Illustration for the article "Hackers released mysterious malware on thousands of Macs, but researchers do not know why". Photo: Justin Sullivan (Getty Images)]

A new variety of malware has infected Mac devices around the world (most notably in the United States and parts of Europe), although experts cannot determine where it comes from or what it does.

The malicious program, discovered by security company Red Canary and called “Silver Sparrow,” has infected 29,139 macOS endpoints in 153 countries, with the highest infection rates in the United States, the United Kingdom, France, Germany, and Canada. The program is also one of only a handful of malware varieties that run natively on products powered by Apple’s new M1 chip.

Researchers describe “Sparrow” as a time bomb: the malware doesn’t seem to have any specific function yet. Instead, it waits, checking in every hour with a command-and-control server to see if there are any new commands it should run on infected devices.
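The hourly check-in described above is the kind of behaviour a defender can look for in proxy or DNS logs: a host contacting the same destination at a near-constant interval with very little jitter. The script below is an added example, not Red Canary's tooling or anything published with the article. It runs over a constructed log (the format `<ISO timestamp> <source host> <destination>`, the hostnames and the destinations are all made up for illustration) and flags host/destination pairs whose connection gaps are regular; it generalises beyond the page by detecting any stable period, with an optional filter for an expected one such as 3600 seconds.

```python
"""Flag periodic check-ins (beaconing) in constructed proxy log lines.

Added example; the log format, hosts and destinations below are constructed
for illustration and are not indicators from the Silver Sparrow report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <source host> <destination>".
# mac-01 reaches update.example-cdn.test once an hour with a few seconds of
# jitter; everything else is ordinary, irregular browsing.
SAMPLE_LOG = """\
2021-02-20T10:00:03 mac-01 update.example-cdn.test
2021-02-20T10:14:40 mac-01 www.example.test
2021-02-20T11:00:07 mac-01 update.example-cdn.test
2021-02-20T11:32:11 mac-01 www.example.test
2021-02-20T12:00:01 mac-01 update.example-cdn.test
2021-02-20T13:00:05 mac-01 update.example-cdn.test
2021-02-20T13:21:55 mac-01 mail.example.test
2021-02-20T14:00:02 mac-01 update.example-cdn.test
2021-02-20T10:05:00 mac-02 www.example.test
2021-02-20T10:06:30 mac-02 www.example.test
2021-02-20T12:40:00 mac-02 www.example.test
2021-02-20T15:10:00 mac-02 www.example.test
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination), sorted in time."""
    series = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, dest = line.split()
        series[(host, dest)].append(datetime.fromisoformat(ts))
    for stamps in series.values():
        stamps.sort()
    return series


def find_beacons(text, min_hits=4, max_cv=0.05, expected_period_s=None, tolerance=0.05):
    """Return host/destination pairs whose connections recur at a steady interval.

    A pair is reported when it has at least `min_hits` connections and the
    coefficient of variation (stdev / mean) of the gaps between consecutive
    connections is at most `max_cv`. If `expected_period_s` is given, the mean
    gap must also lie within `tolerance` (a fraction) of that period.
    """
    hits = []
    for (host, dest), stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv > max_cv:
            continue
        if expected_period_s is not None and abs(avg - expected_period_s) > tolerance * expected_period_s:
            continue
        hits.append({
            "host": host,
            "dest": dest,
            "hits": len(stamps),
            "mean_interval_s": avg,
            "jitter_cv": cv,
        })
    # Most regular first: the lower the jitter, the more machine-like the pattern.
    return sorted(hits, key=lambda h: h["jitter_cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG, expected_period_s=3600):
        print(f"{hit['host']} -> {hit['dest']}: {hit['hits']} hits, "
              f"mean gap {hit['mean_interval_s']:.0f}s, jitter cv {hit['jitter_cv']:.4f}")
```

Treat a hit as a triage lead rather than a verdict: legitimate software updaters and telemetry agents also check in on fixed schedules, so the next step is to look at what the destination is, who signed the binary making the connection, and whether the same pattern appears across many hosts in the fleet.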

“After observing the malware for more than a week, neither we nor our research partners observed a final payload, which left the ultimate goal of the Silver Sparrow activity a mystery,” writes Tony Lambert of Red Canary. “We have no way of knowing for sure what payload the malware would distribute, whether a payload has already been delivered and removed, or whether the adversary has a future timeline for distributing it.” Researchers are also not entirely sure how the devices became infected.

Even more disturbing, “Sparrow” seems designed to delete itself from a computer once it has delivered its payload. The program “includes a file check that causes the removal of all persistence mechanisms and scripts” and “removes all components from the endpoint,” Lambert said. Ars Technica writes that these capabilities are typically found in “high-stealth operations,” that is, in intrusion campaigns designed to avoid notice.

Two different strains of the malicious program have been discovered. Red Canary's technical breakdown of the two versions and how they work is shown in the screenshot below:

[Screenshot: Red Canary's technical breakdown of the two Silver Sparrow versions. Screenshot: Lucas Ropek / Red Canary]

Although researchers are ultimately uncertain why the malware exists, they said it poses a credible danger to infected systems.

“While we have not yet observed that Silver Sparrow produces additional malicious payloads, its compatibility with future M1 chips, global reach, relatively high infection rate, and operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to offer a potentially impactful payload at an earlier time,” said Lambert.

It appears that Apple has intervened to stop the spread of the malware. The company told MacRumors that it has revoked the certificates of the developer accounts used to sign the packages related to “Sparrow,” which should prevent any other Macs from being infected.

However, if you’re worried that your device might be compromised, you can check it against the list of indicators of compromise published by Red Canary.
