Some have been successful according to security researchers, with a new family of malware found hiding on macOS. Security firm Red Canary says a malware it calls Silver Sparrow is on around 30,000 MacBook’s running the M1 processor. Samples execute on the victim device, but researchers have yet to understand how the payload is initiated. Instead, it seems the malware is somewhat dormant and waiting for more instructions. The security team points out this is a problem and points to the high sophistication of the attack. Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. With 29,139 confirmed infections in 153 countries, this is clear a global problem for all macOS users running new hardware. As you may expect, the majority of cases have been found in the United States, United Kingdom, France, Canada, and Germany.
What Is Silver Sparrow?
Red Canary points out the exact nature of Silver Sparrow remains unknown, although it is likely an adware infiltration. There are two versions targeting macOS, the version found on M1 machines and another hiding in Intel-based Macs. Silver Sparrow uses JavaScript to execute on machines. That’s somewhat surprising because JavaScript is not common on macOS: “Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” researchers said in a posting. “This implies that the adversary likely understands…this hosting choice allows them to blend in with the normal overhead of cloud infrastructure traffic. Most organizations cannot afford to block access to resources in AWS and Akamai. The decision to use AWS infrastructure further supports our assessment that this is an operationally mature adversary.”
What’s It For?
What the end version of Silver Sparrow will do remains to be seen. Researchers are unsure what the final payload is, despite monitoring the malware for over two weeks. “The ultimate goal of this malware is a mystery,” researchers add. “We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.” Tip of the day: Do you know that Windows 10 allows creating PDFs from basically any app with printing support? In our tutorial, we show you how this works via Microsoft Print to PDF and Bullzip PDF Printer to save a PDF from any app, even with advanced options like adjusted quality, multi-page printing, and password protection.