A New Malware ‘Silver Sparrow’ Found On 30,000 Macs
Security researchers at Malwarebytes and Red Canary discovered a mysterious piece of malware hiding on nearly 30,000 Macs, one designed to deliver an as-yet-unknown payload, and with a self-destruction mechanism that might remove any trace that it ever existed.
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.
The malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so.
Despite the missing payload, Silver Sparrow's forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat.— Red Canary (@redcanary) February 19, 2021
The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder.