A new strain of malware has infected Mac devices around the world, most notably in the United States and parts of Europe, although experts cannot determine its source or effect.
The malicious program, found by security company Red Canary and known as “Silver Sparrow”, has infected 29,139 macOS endpoints in 153 countries and regions, with the highest infection rates in the United States, Britain, France, Germany, and Canada. The program is also one of the few malware strains compatible with products powered by Apple’s new M1 chip.
Researchers describe “Sparrow” as a time bomb: The malware does not seem to have any specific functions. Instead, it is in a waiting state, checking with the controlling server every hour to see if any new commands should be run on the infected device.
“After observing the malware for a week, neither we nor our research partners observed the final payload, so the ultimate goal of the Silver Sparrow campaign is still a mystery,” writes Tony Lambert of Red Canary. “We cannot know with certainty what payload the malware will distribute, whether the payload has been delivered and deleted, or whether the adversary has a future distribution schedule.” The researchers are also still unclear about how the devices are infected.
What’s more disturbing is that “Sparrow” seems to be designed to erase itself from the computer after its payload is delivered. Lambert said that the program “includes file checks that lead to the removal of all persistence mechanisms and scripts,” and the file “removes all of its components from the endpoint.” Ars Technica wrote that this function is usually found in “highly stealth operations”, which are essentially secret intrusions.
Two different versions of the malware have been found. You can view the technical breakdown of these two versions and their functions below:
Even though the researchers are ultimately unsure of the malware's purpose, they said it poses a credible danger to infected systems.
“Although we have not observed that Silver Sparrow can provide other malicious payloads, its forward-looking M1 chip compatibility, global coverage, relatively high infection rate and operational maturity indicate that Silver Sparrow is a very serious threat. The unique advantage can provide instant notification of potential impact to the payload,” Lambert said.
Apple seems to have stepped in to prevent the spread of the malware. The company told MacRumors it has revoked the certificate of the developer account used to sign software packages related to “Sparrow”, which should prevent any other Macs from being infected.
However, if you are concerned that your device may be compromised, you can check the list of indicators offered by Red Canary.