30,000 Macs infected with new Silver Sparrow malware
Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMware Carbon Black.
“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” Red Canary’s Tony Lambert wrote in a report published last week.
But despite the high number of infections, details about how the malware was distributed and how it infected users are still scarce, and it is unclear whether Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters, the classic distribution vectors for most Mac malware strains these days.
Furthermore, the purpose of this malware is also unclear, and researchers do not know what its final goal is.
Once Silver Sparrow infects a system, the malware simply waits for new commands from its operators, commands that never arrived during the time the researchers analyzed it in the hope of learning more about its inner workings before publishing their report.
But this should not be interpreted as a failed malware strain, Red Canary warns. It is possible that the malware can detect researchers analyzing its behavior and is simply withholding its second-stage payloads from those systems.
The large number of infected systems clearly suggests this is a very serious threat and not just some threat actor's one-off test.
SILVER SPARROW SUPPORTS M1 CHIPS
In addition, the malware also comes with support for infecting macOS systems running on Apple’s latest M1 chip architecture, once again confirming this is a novel and well-maintained threat.
In fact, Silver Sparrow is only the second malware strain discovered that can run on the M1 architecture, after the first was found just four days earlier, showing exactly how cutting-edge this new threat really is.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Lambert warned in his report.
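The M1 compatibility the report highlights comes down to one checkable property: whether a Mach-O executable carries a native arm64 slice (a universal binary holds both x86_64 and arm64 slices behind a "fat" header; an Intel-only image would need Rosetta 2). The parser below is an added example, not code from the article or from Red Canary, and reads only the headers, so it can be run on any suspicious binary offline. The constructed headers (`SAMPLE_UNIVERSAL`, `SAMPLE_INTEL_ONLY`) are test data, not Silver Sparrow artefacts; the magic numbers and cputype constants are Apple's published values.

```python
import struct
from typing import List

# Magic numbers from Apple's <mach-o/fat.h> and <mach-o/loader.h>.
FAT_MAGIC = 0xCAFEBABE       # universal ("fat") binary; header fields are big-endian
FAT_MAGIC_64 = 0xCAFEBABF    # fat binary with 64-bit offsets (32-byte arch entries)
MH_MAGIC_64 = 0xFEEDFACF     # thin 64-bit Mach-O in its native byte order
MH_CIGAM_64 = 0xCFFAEDFE     # the same magic seen byte-swapped

# cputype = CPU_ARCH_ABI64 (0x01000000) | base type
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_TYPE_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}

# A Java class file also starts with 0xCAFEBABE; its next field is a version
# number far larger than any plausible slice count, so cap the count.
MAX_FAT_ARCHES = 32


def _name(cputype: int) -> str:
    return CPU_TYPE_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_architectures(data: bytes) -> List[str]:
    """Return the CPU architectures contained in a Mach-O image (thin or fat)."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O image")
    magic = struct.unpack(">I", data[:4])[0]

    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat == 0 or nfat > MAX_FAT_ARCHES:
            raise ValueError("not a fat Mach-O (possibly a Java class file)")
        entry_size = 20 if magic == FAT_MAGIC else 32
        arches = []
        for i in range(nfat):
            off = 8 + i * entry_size
            if off + 4 > len(data):
                raise ValueError("truncated fat header")
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            arches.append(_name(cputype))
        return arches

    if magic == MH_CIGAM_64:        # little-endian file read as big-endian
        return [_name(struct.unpack("<I", data[4:8])[0])]
    if magic == MH_MAGIC_64:        # big-endian thin 64-bit image
        return [_name(struct.unpack(">I", data[4:8])[0])]
    raise ValueError("not a 64-bit Mach-O image (magic 0x%08x)" % magic)


def runs_on_apple_silicon(data: bytes) -> bool:
    """True if the image carries a native arm64 slice (no Rosetta 2 needed)."""
    return "arm64" in macho_architectures(data)


def build_fat_header(cputypes: List[int]) -> bytes:
    """Constructed test data: a fat header with one zero-sized slice per cputype."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for ct in cputypes:
        # fat_arch: cputype, cpusubtype, offset, size, align
        hdr += struct.pack(">IIIII", ct, 0, 0, 0, 14)
    return hdr


def build_thin_header(cputype: int) -> bytes:
    """Constructed test data: the 32-byte header of a little-endian thin 64-bit image."""
    # mach_header_64: magic, cputype, cpusubtype, filetype (MH_EXECUTE=2),
    # ncmds, sizeofcmds, flags, reserved
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


SAMPLE_UNIVERSAL = build_fat_header([CPU_TYPE_X86_64, CPU_TYPE_ARM64])
SAMPLE_INTEL_ONLY = build_thin_header(CPU_TYPE_X86_64)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            head = f.read(4096)   # enough for any realistic fat header
        verdict = "arm64-native" if runs_on_apple_silicon(head) else "needs Rosetta 2"
        print(path, macho_architectures(head), verdict)
```

Run it as `python3 macho_arch.py /path/to/binary`; it only reads the first 4 KB of each file. It reports cputype only, so an arm64e slice shows as arm64, and it says nothing about what the code does once it runs; it answers one question, whether the binary was built to run natively on Apple silicon.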
Mysterious Silver Sparrow #malware found nesting on 30K Macs 👉 https://t.co/7eSpDVzpE1
A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide — but it’s unclear why
— Eugene Kaspersky (@e_kaspersky) February 20, 2021
“Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”
The Red Canary report contains indicators of compromise, such as files and file paths created and used by the malware, which can be used to detect infected systems.
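File-path and file-hash indicators of the kind the report provides are the simplest ones to sweep for on an endpoint. The script below is an added example, not code from the article or from Red Canary: it checks a list of known paths under a base directory (pass `Path.home()` for a live user profile, or a mounted image for offline triage) and hashes the files in a few directories against a set of SHA-256 indicators. Every path, directory and hash in it is a constructed placeholder; substitute the values from the report.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed placeholder indicators. Replace these with the file paths and
# hashes from the Red Canary report; none of these values are real IoCs.
PLACEHOLDER_IOC_PATHS = [
    "Library/PLACEHOLDER_marker_file",
    "Library/Application Support/PLACEHOLDER_updater/PLACEHOLDER.sh",
    "Library/LaunchAgents/PLACEHOLDER_init.plist",
]
# Directories (relative to the base) whose files are hashed against the IoC set.
PLACEHOLDER_HASH_DIRS = ["Library/Application Support", "Library/LaunchAgents"]


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not land in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_endpoint(base: Path, ioc_paths: Iterable[str], ioc_hashes: Dict[str, str],
                  hash_dirs: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per IoC path that exists and per file whose hash matches."""
    findings: List[Dict[str, str]] = []
    for rel in ioc_paths:
        p = base / rel
        if os.path.lexists(p):           # lexists: a dangling symlink is still a hit
            findings.append({"kind": "path", "path": str(p)})
    for rel_dir in hash_dirs:
        d = base / rel_dir
        if not d.is_dir():
            continue
        for f in d.rglob("*"):
            if f.is_file() and not f.is_symlink():
                digest = sha256_file(f)
                if digest in ioc_hashes:
                    findings.append({"kind": "hash", "path": str(f),
                                     "sha256": digest, "label": ioc_hashes[digest]})
    return findings


def run_demo() -> List[Dict[str, str]]:
    """Plant two constructed artefacts in a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        marker = base / PLACEHOLDER_IOC_PATHS[0]
        marker.parent.mkdir(parents=True, exist_ok=True)
        marker.touch()
        # A file whose path is not on the IoC list but whose hash is.
        script = base / "Library/Application Support/PLACEHOLDER_other/run.sh"
        script.parent.mkdir(parents=True, exist_ok=True)
        script.write_bytes(b"#!/bin/sh\necho constructed sample\n")
        ioc_hashes = {sha256_file(script): "constructed-sample-script"}
        findings = scan_endpoint(base, PLACEHOLDER_IOC_PATHS, ioc_hashes,
                                 PLACEHOLDER_HASH_DIRS)
    return findings


if __name__ == "__main__":
    for hit in scan_endpoint(Path.home(), PLACEHOLDER_IOC_PATHS, {}, PLACEHOLDER_HASH_DIRS):
        print(hit)
```

Hash matching is only as good as the indicator list: a rebuilt or repacked second stage would not match, which is why the path indicators (persistence locations and dropped scripts) are worth checking even when no hash hits. The scan reads files but never modifies or removes anything, so it is safe to run before deciding on containment.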