Nearly 40,000 Macs are infected with mysterious malware, researchers say

The malware, called Silver Sparrow, has not yet engaged in harmful activities.

Mysterious malware – which has not yet engaged in malicious activity – has infected nearly 40,000 Mac devices, according to cybersecurity company Red Canary, which first detected the threat.

The malware, dubbed “Silver Sparrow” by Red Canary, has confounded researchers because of its elusive motives.

“Most malware has an end in itself,” Brian Donohue, an information analyst at Red Canary, told ABC News via email. “It could steal sensitive information, damage devices or servers, or block access to data. In this case, we don’t really know what that ultimate goal is, because we haven’t noticed that Silver Sparrow is engaging in harmful activities.”

Donohue noted, however, that most malware operations consist of several support functions that occur before the malicious activity is performed, such as gaining initial access or moving between devices on a network.

“In the case of Silver Sparrow, although I did not notice the final payload, I saw other parts of the malware operation,” he added. “For example, I noticed it using the built-in macOS features to install on victim machines and maintain persistence on reboots.”

Donohue said a member of Red Canary’s cyber incident response team first detected the malware – which includes code that runs on the new Apple M1 chip – based on suspicious behavior on a customer’s device. They did not identify its origins.

“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing data released by antivirus firm Malwarebytes, although he said it was likely an “underestimation of the total scope of the threat.”

He added that the malware is called mysterious for two reasons, including that it has no final payload and that researchers cannot determine the purpose of the threat.

“The second refers to a file that, if present on an infected machine, causes Silver Sparrow to uninstall itself,” Donohue said. “We don’t know why this file is present on certain systems or why its presence causes Silver Sparrow to uninstall itself.”

Although Silver Sparrow does not currently deliver a malicious payload, Donohue said he is “worried that it could be upgraded to deliver one at a time.”

“This is exacerbated by the fact that it has a presence of nearly 40,000 cars and all the infrastructure needed to support a more worrying threat,” he said.

Apple told ABC News that it revoked the certificates of the developer accounts used to sign the packages, preventing the infection of new machines after the discovery of the malware.

Apple pointed to its protection and security mechanisms and said that the App Store offers the safest place to get Mac software. In addition, Apple said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware in software downloaded outside the Mac App Store.

The company also noted, as the researchers made clear, that there was no evidence to suggest that the new malware generated a harmful payload.
