[German]Security researchers have detected a malware dubbed "Silver Sparrow" that has infected around 30,000 Macs, including the new machines with M1 chip. Here are a few information about that.
Advertising
In early February 2021, security researchers Wes Hurd and Jason Killam came across a family of macOS malware that uses a LaunchAgent to install the malware on the machines. However, an investigation quickly revealed that this malware exhibited behavior that deviated from the usual adware targeting macOS systems. The novelty of this downloader stems primarily from the way it uses JavaScript for execution – something that security researchers had not previously encountered in other macOS malware. Also new was the appearance of a related binary compiled for Apple's new M1 ARM64 architecture.
Security researchers have christened the malware family "Silver Sparrow." Thanks to the contributions of Erika Noerenberg and Thomas Reed from Malwarebytes and Jimmy Astle from VMware Carbon Black, it quickly became clear that this is an apparently previously undiscovered malware family. According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints in 153 countries as of Feb. 17, including a high number of detections in the U.S., U.K., Canada, France and Germany.
Although Silver Sparrow has not yet been observed to deliver additional malicious payloads, its forward-looking compatibility with the M1 chip, global reach, relatively high infection rate, and operational maturity suggest that Silver Sparrow is a fairly serious threat that is uniquely positioned to deliver a potentially momentous payload in the blink of an eye.
Given these troubling facts, in the spirit of transparency, the security researchers wanted to share everything they knew with the broader infosec industry sooner rather than later. The security researchers have published the details in this post.
