Security researchers discovered a new malware operation targeting Mac devices, which silently infected nearly 30,000 systems.
Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMware Carbon Black.
“According to data provided by Malwarebytes, as of February 1
However, despite the high number of infections, detailed information about how the malware was distributed and how users were infected is still scarce. It is not clear whether Silver Sparrow was hidden in malicious advertisements, pirated apps or fake Flash updaters (the classic distribution vectors for most Mac malware these days).
In addition, the purpose of the malware is not clear, and the researchers do not know what its ultimate goal is.
Once Silver Sparrow infects a system, the malware waits for its operator to issue new commands. No such commands appeared while the researchers were analyzing it in the hope of understanding its internal workings before publishing their report.
But this should not be interpreted as a failed malware strain, Red Canary warned. The malware may be able to detect that researchers are analyzing its behavior and simply avoid delivering its second-stage payload to those systems.
The large number of infected systems clearly shows that this is a very serious threat and not just a one-time test by some threat actor.
Silver Sparrow supports M1 chip
In addition, the malware can also infect macOS systems running on Apple’s latest M1 chip architecture, confirming once again that this is a novel and well-maintained threat.
In fact, Silver Sparrow is the second malware strain found that can run on the M1 architecture. The first was discovered only four days ago, which shows the true extent of this new threat.
“Although we have not observed that Silver Sparrow can provide additional malicious payloads, its forward-looking M1 chip compatibility, global coverage, relatively high infection rate, and operational maturity indicate that Silver Sparrow is a serious threat. The unique positioning can bring potential impact and notify the payload instantly,” Lambert warned in the report.
“In view of these worrying reasons, and in the spirit of transparency, we hope to share everything we know with the wider information security industry as soon as possible.”
Red Canary's report contains indicators of compromise, such as the files and file paths created and used by the malware, which can be used to detect infected systems.