Security researchers have discovered previously undetected malware affecting Mac users worldwide, including owners of the new M1-powered Macs. Red Canary researchers say that this “Silver Sparrow” malware forces infected Macs to check a control server once an hour, but the actual threat remains a mystery.
As reported by Ars Technica, the researchers have not yet observed an actual “delivery of payload” on the infected machines. Therefore, the ultimate goal of this malware is unknown. “The lack of a final payload suggests that malicious software can get started when an unknown condition is met,”
The malware also comes with its own “self-destruct” mechanism, but there is no evidence that it has been used yet. Silver Sparrow has been found on 29,139 macOS endpoints worldwide:
The malware has been found in 153 countries, with detections concentrated in the United States, the United Kingdom, Canada, France and Germany. The use of Amazon Web Services and the Akamai content delivery network ensures that the command infrastructure works reliably and also makes it more difficult to block the servers.
Silver Sparrow also runs natively on Apple’s M1 chip. This makes it the second detected malware optimized for Apple Silicon, with the first coming earlier this week. This does not mean that M1 machines are particularly targeted, but rather that the malware can affect both M1 machines and Intel machines.
Optimization for the M1 chip combined with things like infection rate and maturity is what worries Red Canary researchers:
“Although we have not yet observed Silver Sparrow deliver additional malicious payloads, the forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these reasons for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”
Again, so far researchers have not found that the binary does anything, but the threat is there, waiting. You can read more in the Red Canary blog post.