Nearly 30,000 Macs reportedly infected with mysterious malware

Discussion in 'Networking and Security' started by themickey, Feb 22, 2021.

  1. themickey

    By Alexis Benveniste, CNN Business

    Updated 1842 GMT (0242 HKT) February 21, 2021

    The malware, which the company calls Silver Sparrow, does not "exhibit the behaviors that we've come to expect from the usual adware that so often targets macOS systems," Tony Lambert, an intelligence analyst at Red Canary wrote.
    It's not clear what the malware's goal is. Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said. It's also unclear what would trigger that function.
    Notably, Silver Sparrow contains code that runs natively on Apple's in-house M1 chip that was released in November, making it only the second known malware to do so, according to the news site Ars Technica.
    "Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat," researchers wrote.
    Silver Sparrow infected Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.
  2. Anyone here had a problem with this yet?
  3. themickey


    Silver Sparrow is being taken very seriously because of how successful it has already been at quietly infecting over 30,000 Macs around the world, but also because the malware is using Amazon Web Services and Akamai for its command infrastructure. That means it could prove very difficult to take down.

    For now, every Mac infected with Silver Sparrow communicates with a control server every hour to see if there are new commands to carry out. So far, none seem to have been issued. The researchers also discovered the malware includes the capability to remove itself from a system, meaning it could be used to execute a command then promptly disappear.

    Lambert points to many intelligence gaps that need to be filled with regards to Silver Sparrow. "In addition, the ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload."

    Anyone wanting to check if their Mac is infected with Silver Sparrow can read through the "Indicators of Compromise" section of the Red Canary blog post for some pointers on what to look for.
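The hourly check-in described above is a hunting lead on its own, whatever the beacon eventually downloads. As an added example (not code from the articles quoted in this thread, and not Red Canary's tooling), the POSIX shell script below walks LaunchAgent/LaunchDaemon directories and reports every plist whose StartInterval is 3600 seconds, together with its Label and ProgramArguments. It assumes the hourly timer is scheduled through a launchd StartInterval (the post does not say how the interval is implemented) and that the plists are in XML form with one key per line. The two sample plists it writes, their label `com.example.hourly_updater` and the paths inside them are constructed placeholders for the demo, not Silver Sparrow indicators; the real ones are in the Red Canary IoC section mentioned above.

```shell
#!/bin/sh
# Added example: hunt for launchd jobs that beacon hourly (StartInterval = 3600).
# Assumption: the hourly check-in is a launchd StartInterval job; the page does
# not state the mechanism. Sample data below is constructed for the demo.

# find_hourly_agents DIR... : for each *.plist in the given directories, print
# "path<TAB>label<TAB>program arguments" when StartInterval is exactly 3600.
find_hourly_agents() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            # Tiny state machine over XML plist lines: remember which key we just
            # saw, then harvest the value that follows it. Binary plists must be
            # normalised first (on macOS: plutil -convert xml1 -o - "$plist").
            awk -v file="$plist" '
                /<key>StartInterval<\/key>/    { want = "interval"; next }
                /<key>Label<\/key>/            { want = "label";    next }
                /<key>ProgramArguments<\/key>/ { want = "args";     next }
                want == "interval" && /<integer>/ {
                    gsub(/.*<integer>|<\/integer>.*/, ""); interval = $0; want = "" }
                want == "label" && /<string>/ {
                    gsub(/.*<string>|<\/string>.*/, ""); label = $0; want = "" }
                want == "args" && /<\/array>/ { want = "" }
                want == "args" && /<string>/ {
                    gsub(/.*<string>|<\/string>.*/, "")
                    args = args (args == "" ? "" : " ") $0 }
                END { if (interval == "3600")
                          printf "%s\t%s\t%s\n", file, label, args }
            ' "$plist"
        done
    done
}

# count_hourly_agents DIR... : number of hourly jobs found (0 if none).
count_hourly_agents() {
    find_hourly_agents "$@" | wc -l | tr -d ' '
}

# make_sample_agents DIR : write two CONSTRUCTED plists for the demo. One beacons
# hourly via a shell script under Application Support (a placeholder path), the
# other runs every minute and should not be reported.
make_sample_agents() {
    cat > "$1/com.example.hourly_updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.hourly_updater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/sh</string>
        <string>/Users/example/Library/Application Support/example_updater/update.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StartInterval</key>
    <integer>3600</integer>
</dict>
</plist>
EOF
    cat > "$1/com.example.minutely.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.minutely</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/true</string>
    </array>
    <key>StartInterval</key>
    <integer>60</integer>
</dict>
</plist>
EOF
}

# Demo against the constructed samples (safe to run anywhere).
demo_dir=$(mktemp -d)
make_sample_agents "$demo_dir"
echo "hourly jobs in constructed sample: $(count_hourly_agents "$demo_dir")"
find_hourly_agents "$demo_dir"
rm -rf "$demo_dir"

# On a real Mac, scan the real persistence locations instead:
# find_hourly_agents "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
```

An hourly interval by itself is not evidence of compromise (plenty of legitimate updaters use one), so treat a hit as something to compare against the published indicators rather than as a verdict; the useful part of the output is the ProgramArguments path, which is where a dropped script would show up.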
  4. Tradex


    When you see that kind of post, here on ET or elsewhere, you can be sure that someone - the "invisible hand" - is shorting the stock big time (Apple Inc. in this case, down almost 3% just today).

    One of the oldest tricks in the book...:cool: