Experts from Red Canary, Malwarebytes and VMware Carbon Black have detected Silver Sparrow malware targeting Mac users. According to experts, the malware has already infected 29,139 systems in 153 countries. Most of the victims live in the US, UK, Canada, France and Germany.
Official reports state that researchers do not yet know exactly how Silver Sparrow is distributed. It was probably hidden inside malicious ads, pirated applications or fake Flash updates, that is, it used one of the classic vectors for the distribution of Mac malware.
Moreover, the purpose and ultimate goal of Silver Sparrow have not yet been established. When Silver Sparrow infects a system, it simply waits for new commands from its operators. However, during the time that the researchers watched the malware, it received no commands at all.
“The malware detects analytical tools, notices that it is being watched, and only therefore remains inactive and does not load second-level payloads. Judging by the number of infections, this malware was hardly anyone’s failed experiment or a joke,” the researchers of Red Canary admit.
It is separately emphasized that Silver Sparrow is capable of working even in systems with the new Apple M1 chip (which once again confirms the serious intentions of its authors). This makes Silver Sparrow only the second detected threat tailored for the M1. Let me remind you that the first malware of this kind was discovered just a few days ago.
The researchers write that they found two different versions of the malware: the first was compiled only for Intel x86-64 and uploaded to VirusTotal on August 31, 2020 (updater.pkg); the second appeared on January 22, 2021, and is compatible with both the Intel x86-64 and M1 ARM64 architectures (update.pkg).
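A defender triaging a binary extracted from a package like these can tell an Intel-only build from a universal (x86_64 plus arm64) one by reading the Mach-O headers. The Python below is an added example, not code from the researchers' reports; the function names are hypothetical and the sample headers are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>.
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}

def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)

def macho_architectures(data):
    """List the CPU architectures of a thin or universal Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short to be Mach-O")
    (magic_be,) = struct.unpack_from(">I", data, 0)
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: big-endian header, then one fat_arch per slice.
        (count,) = struct.unpack_from(">I", data, 4)
        # Java class files share 0xCAFEBABE; their version word lands in
        # this field and is always 45 or more, so cap the slice count.
        if count == 0 or count > 20:
            raise ValueError("implausible slice count, probably not Mach-O")
        entry = 20 if magic_be == FAT_MAGIC else 32  # fat_arch / fat_arch_64
        if len(data) < 8 + count * entry:
            raise ValueError("truncated fat header")
        return [cpu_name(struct.unpack_from(">I", data, 8 + i * entry)[0])
                for i in range(count)]
    # Thin binary: try both byte orders; cputype follows the magic.
    for order in ("<", ">"):
        magic, cputype = struct.unpack_from(order + "II", data, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [cpu_name(cputype)]
    raise ValueError("not a Mach-O image")

def runs_natively_on_m1(data):
    """True when the image carries an arm64 slice."""
    return "arm64" in macho_architectures(data)

# Constructed sample headers (not taken from any real sample).
INTEL_ONLY = struct.pack("<IIII", MH_MAGIC_64, 0x01000007, 3, 2)
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x8000, 14)
             + struct.pack(">IIIII", 0x0100000C, 0, 0xC000, 0x8000, 14))

if __name__ == "__main__":
    print(macho_architectures(INTEL_ONLY), macho_architectures(UNIVERSAL))
```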
Apple representatives told MacRumors that they had already revoked developer certificates that were used to sign the malware. This measure should prevent further spread of malware and infection of new Macs.
“Plus, Red Canary did not find any evidence that malware was delivering a malicious payload to already infected Macs,” Apple representatives insisted.
Let me remind you that I recently wrote about a cybersecurity expert who detected malware for Apple M1 chips.