Researchers could not figure out what this Mac-infecting malware actually does


Photo: Justin Sullivan (Getty Images)

A new piece of malware has infected Mac devices around the world, particularly in the US and parts of Europe, though experts cannot yet determine where it comes from or what it does.

The malicious program, discovered by security firm Red Canary and named “Silver Sparrow”, has infected 29,139 macOS endpoints in 153 countries, with the highest infection counts in the USA, the United Kingdom, France, Germany, and Canada. The program is also one of only a handful of malware strains that run natively on machines powered by Apple’s new M1 chip.

Researchers describe ‘Sparrow’ as a ticking time bomb: the malware appears to have no specific function yet. Instead, it checks in with a control server once an hour to see whether any new commands have been issued that it should carry out on infected devices.

“After observing the malware for more than a week, neither we nor our research partners observed a final payload, which left the ultimate goal of Silver Sparrow activity a mystery,” writes Tony Lambert of Red Canary. “We do not know for sure what payload will be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.” It is also not entirely clear to researchers how devices are being infected.

Even more disturbing, ‘Sparrow’ seems to be designed to wipe itself off a computer once it has delivered its payload. The program “contains a file check that removes all persistence mechanisms and scripts” and “removes all its components from the endpoint,” Lambert said. Ars Technica writes that such capabilities are typically reserved for ‘high-stealth operations’, i.e. intrusion campaigns designed to stay covert.

Two different strains of the malware have been detected. You can see a technical breakdown of the two versions and their features below:


Screenshot: Lucas Ropek / Red Canary

While researchers remain in the dark about the purpose of the malware, they said that it poses a credible danger to infected systems.

“While we have not yet observed Silver Sparrow delivering additional malicious payloads, the forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a fairly serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Lambert said.

It looks like Apple has stepped in to stop the spread of the malware. The company told MacRumors that it has revoked the developer account certificates used to sign the “Sparrow”-related packages, which would prevent any other Macs from becoming infected through those packages.

However, if you are concerned that your device may be at risk, you can check it against the list of indicators provided by Red Canary.
