A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question of why the mechanism exists.

Besides those questions, the malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so. The malicious binary is more mysterious still because it uses the macOS Installer JavaScript API to execute commands. That makes it hard to analyze installation package contents or the way that package uses the JavaScript commands.

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder. Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.

Silver Sparrow is only the second piece of malware to contain code that runs natively on Apple’s new M1 chip. An adware sample reported earlier this week was the first. Native M1 code runs with greater speed and reliability on the new platform than x86_64 code does because the former doesn’t have to be translated before being executed. Many developers of legitimate macOS apps still haven’t completed the process of recompiling their code for the M1. Silver Sparrow’s M1 version suggests its developers are ahead of the curve.

Once installed, Silver Sparrow searches for the URL the installer package was downloaded from, most likely so the malware operators will know which distribution channels are most successful. In that regard, Silver Sparrow resembles previously seen macOS adware.

It remains unclear precisely how or where the malware is being distributed or how it gets installed. The URL check, though, suggests that malicious search results may be at least one distribution channel, in which case, the installers would likely pose as legitimate apps.

An Apple spokesperson provided a comment on the condition they not be named and the comment not be quoted. The statement said that after finding the malware, Apple revoked the developer certificates. Apple also noted there's no evidence of a malicious payload being delivered. Last, the company said it provides a variety of hardware and software protections and software updates and that the Mac App Store is the safest venue to obtain macOS software.

Among the most impressive things about Silver Sparrow is the number of Macs it has infected. Red Canary researchers worked with their counterparts at Malwarebytes, with the latter group finding Silver Sparrow installed on 29,139 macOS endpoints as of Wednesday. “To me, the most notable is that it was found on almost 30K macOS endpoints.
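The hourly check-in described above is the kind of behaviour a defender can look for in outbound connection logs even before any payload or indicator is known: a host that contacts the same destination at an almost perfectly regular interval stands out from ordinary browsing. The script below is an added example for this article, not code from Red Canary, Malwarebytes or the article itself; it runs over a small set of constructed log lines (the hostnames and timestamps are made up for the demonstration) and flags host/destination pairs whose connection gaps are both regular and close to one hour.

```python
"""Flag hosts whose connections to one destination recur at a fixed, roughly hourly cadence.

Added example for beacon detection; the log format and all values are constructed
for this demonstration and are not indicators from the article.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp source_host destination_host", one connection per line.
# mac-17 contacts one destination every ~60 minutes; mac-22 browses irregularly.
SAMPLE_LOG = """\
2021-02-17T00:02:11Z mac-17 updates.example-cdn.test
2021-02-17T01:02:14Z mac-17 updates.example-cdn.test
2021-02-17T02:02:09Z mac-17 updates.example-cdn.test
2021-02-17T03:02:12Z mac-17 updates.example-cdn.test
2021-02-17T04:02:10Z mac-17 updates.example-cdn.test
2021-02-17T00:15:00Z mac-22 www.example.test
2021-02-17T00:47:30Z mac-22 www.example.test
2021-02-17T02:05:05Z mac-22 www.example.test
2021-02-17T03:40:00Z mac-22 www.example.test
2021-02-17T01:00:00Z mac-22 updates.example-cdn.test
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return conns


def beacon_score(times):
    """Return (mean gap in seconds, coefficient of variation of the gaps), or None
    when there are too few events to judge regularity."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    # A low coefficient of variation means the gaps are nearly identical.
    return avg, pstdev(gaps) / avg


def find_beacons(conns, min_events=4, max_cv=0.05, expected_gap=3600, tolerance=300):
    """Return sorted (source, destination, mean_gap_seconds) triples for pairs that
    check in regularly (cv <= max_cv) and within `tolerance` of `expected_gap`."""
    hits = []
    for (src, dst), times in conns.items():
        if len(times) < min_events:
            continue
        score = beacon_score(times)
        if score is None:
            continue
        avg, cv = score
        if cv <= max_cv and abs(avg - expected_gap) <= tolerance:
            hits.append((src, dst, round(avg)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}: regular check-in every ~{gap}s")
```

On the constructed input only mac-17's hourly contact is reported; mac-22's visits to the same CDN hostname are too few and too irregular to qualify. Thresholds such as `max_cv` and `tolerance` are assumptions chosen for the sample data; real proxy or DNS logs carry legitimate hourly traffic (software updaters, mail clients), so a hit like this is a triage lead, not a verdict, and the Amazon Web Services and Akamai hosting noted in the article is a reminder that the destination alone will rarely be a usable indicator.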