Nearly 40,000 Macs infected with mysterious malware, researchers say

The malware, called Silver Sparrow, has not yet done malicious activity.

Mysterious malware – which has not yet engaged in malicious activity – has infected nearly 40,000 Macs, according to cyber security firm Red Canary, which first identified the threat.

The malware, referred to by Red Canary as “Silver Sparrow”, is surprising to researchers because of its elusive motives.

“Most malware has an ultimate purpose,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News in an email. “It could be stealing sensitive information, causing damage to devices or servers, or blocking access to data. In this case, we do not know what the ultimate purpose is because we have not seen Silver Sparrow maliciously act.”

However, Donohue noted that most malware operations consist of multiple support functions that occur before performing malicious activities, such as gaining initial access or moving between devices within a network.

“In the case of Silver Sparrow, although we did not observe the final payload, we did see other parts of the malware operation,” he added. “We’ve observed this, for example, in its use of built-in features of macOS to install itself on victim machines and to maintain persistence across reboots.”

Donohue said a member of Red Canary’s cyber-incident response team first detected the malware – which contains code that runs on Apple’s new M1 chip – based on suspicious behavior on a customer’s device. They did not identify its origin.

“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing published data from antivirus firm Malwarebytes, although he said it was likely an “underestimation of the total extent of the threat.”

He added that the malware was dubbed mysterious for two reasons. The first is that no final payload has been observed, so researchers could not determine the purpose of the threat.

“The second relates to a file that, if present on an infected machine, causes Silver Sparrow to delete itself,” Donohue said. “We do not know why this file appears on certain systems or why Silver Sparrow removes itself when it does.”

Although Silver Sparrow does not currently deliver a malicious payload, Donohue said they are “concerned that it may be updated to deliver at any time.”

“This is exacerbated by the fact that it is present on nearly 40,000 machines and has all the infrastructure necessary to support a threat,” he said.

Apple told ABC News that, after discovering the malware, it revoked the certificates of the developer accounts used to sign the packages, so that new machines cannot be infected by them.

Apple also pointed to its security mechanisms, saying that the App Store is the safest place to get software for Macs. In addition, Apple said it uses state-of-the-art technical mechanisms to protect users by detecting and blocking malware in software downloaded from outside the Mac App Store.

The researchers also noted that there is no evidence that the new malware produced a malicious payload.
