Researchers can’t figure out what this Mac-infecting malware is actually doing


Photo: Justin Sullivan (Getty Images)

A new strain of malware has infected Mac devices around the world, most visibly in the US and parts of Europe, although experts cannot determine where it comes from or what it does.

The malicious program, discovered by the security firm Red Canary and nicknamed “Silver Sparrow”, has infected 29,139 macOS endpoints in 153 countries, with the highest infection rates in the USA, United Kingdom, France, Germany, and Canada. The program is also one of only a handful of malware strains that are compatible with products powered by Apple’s new M1 chip.

Researchers describe “Sparrow” as a time bomb: the malware does not yet appear to have any specific function. Instead, it waits, checking in on a schedule with a control server to see whether there are any new commands it should run on infected devices.
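One way a defender can look for the kind of scheduled check-in described above is to search outbound connection logs for source/destination pairs whose connection intervals are almost constant. The script below is an added example, not code from the article or from Red Canary; the log format (ISO 8601 timestamp, source host, destination host), the sample log lines and the placeholder hostnames are all constructed assumptions, and real proxy or DNS logs would need their own parser.

```python
"""Detect regular check-in ("beaconing") patterns in outbound connection logs.

Added example, not from the article or from Red Canary. The log format and all
hostnames below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO 8601 timestamp> <source host> <destination host>".
# mac-01 contacts a placeholder control server roughly once an hour with a few
# seconds of drift; mac-02 browses ordinary sites at irregular times.
SAMPLE_LOG = """\
2021-02-20T09:00:05Z mac-01 updates.example.invalid
2021-02-20T10:00:02Z mac-01 updates.example.invalid
2021-02-20T11:00:09Z mac-01 updates.example.invalid
2021-02-20T12:00:01Z mac-01 updates.example.invalid
2021-02-20T13:00:06Z mac-01 updates.example.invalid
2021-02-20T09:12:44Z mac-02 news.example.invalid
2021-02-20T09:13:10Z mac-02 cdn.example.invalid
2021-02-20T11:47:03Z mac-02 news.example.invalid
2021-02-20T15:02:58Z mac-02 news.example.invalid
2021-02-20T15:03:30Z mac-02 news.example.invalid
"""


def parse_log(text):
    """Yield (timestamp, source, destination) tuples from the constructed format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst = line.split()
        # fromisoformat() does not accept a trailing 'Z' on older Pythons,
        # so spell the UTC offset out explicitly.
        yield datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst


def find_beacons(text, min_events=4, max_jitter=0.05):
    """Return {(source, destination): period_seconds} for pairs whose
    inter-connection intervals are nearly constant.

    max_jitter is the largest allowed coefficient of variation
    (stdev / mean) of the intervals: a scheduled check-in with a few
    seconds of drift stays well under it, human browsing does not.
    """
    timeline = defaultdict(list)
    for ts, src, dst in parse_log(text):
        timeline[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in timeline.items():
        if len(stamps) < min_events:
            continue  # too few observations to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg)
    return beacons


if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: regular check-in every ~{period}s")
```

Run against the constructed log, only the mac-01 pair is reported, with a period of about 3600 seconds; the mac-02 traffic is either too sparse or too irregular to qualify. The thresholds are deliberately simple starting points: in production the interval statistics would be computed per day over real proxy or DNS data, and a hit is a lead for triage (what process opens the connection, whether the destination is known), not a verdict on its own.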

“After observing the malware for over a week, neither we nor our research partners observed a final payload, leaving the final goal of Silver Sparrow a mystery,” writes Tony Lambert of Red Canary. “We have no way of knowing for sure what payload would be distributed by the malware, whether a payload has already been delivered and removed, or whether the adversary has a future timeline for distribution.” Researchers are also unclear about how the devices were infected.

Even more disturbing, “Sparrow” appears designed to delete itself from the computer once its payload has been delivered. The program “includes a file check that removes all persistence mechanisms and scripts” and thereby “removes all of its components from the endpoint,” Lambert said. Ars Technica writes that such capabilities are commonly found in “high-stealth operations”, i.e. intrusion campaigns that are covert in nature.

Two different strains of the malware have been discovered. A technical breakdown of the two versions and how they work was shown in the screenshot below:


Screenshot: Lucas Ropek / Red Canary

While researchers remain puzzled about why the malware exists, they said that it poses a credible danger to infected systems.

“Although we have not yet observed Silver Sparrow delivering harmful payloads, its M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a fairly serious threat, uniquely positioned to deliver a payload at some point,” Lambert said.

Apple appears to have intervened to stop the spread of the malware. The company told MacRumors that it revoked the developer account certificates used to sign the Sparrow-related packages, which should stop it from infecting any other Macs.

However, if you’re worried that your device may be compromised, you can check the list of indicators of compromise provided by Red Canary.
