The malware, which the company calls Silver Sparrow, does not display “the behavior we expected from the common adware so often targeted to MacOS systems,” wrote Tony Lambert, an intelligence analyst at Red Canary.
It is not clear what the purpose of the malware is. Silver Sparrow contains a mechanism for self-destruction that has apparently not been used, researchers said. It is also unclear what the function would cause.
“Although we have not yet observed that Silver Sparrow delivers additional malicious loads, the forward-looking M1 disk compatibility, global reach, relatively high infection rate and operational maturity are a fairly serious threat to Silver Sparrow,” researchers wrote.
Silver Sparrow infects Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.