30,000 Macs infected with new Silver Sparrow malware




Image: Heye Jensen

Security researchers have spotted a new malicious operation targeting Mac devices that silently infected nearly 30,000 systems.

Named Silver Sparrow, the malware was discovered by security researchers at Red Canary and analyzed in collaboration with researchers from Malwarebytes and VMware Carbon Black.

“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints in 153 countries as of February 17, including high detection volumes in the US, UK, Canada, France and Germany,” wrote Tony Lambert of Red Canary in a report released last week.

But despite the high number of infections, details of how the malware was distributed and which users were infected are still scarce, and it’s unclear whether Silver Sparrow was hidden in malicious ads, hacked apps, or bogus Flash updaters – the classic distribution vector for most Mac malware strains these days.

Moreover, the purpose of this malware is unclear, and researchers do not know what its end goal is.

Once Silver Sparrow infects a system, the malware simply waits for new orders from its operators, orders that never arrived while researchers analyzed it in the hopes of learning more about its inner workings before publishing their report.

But that shouldn’t be interpreted as a failed malware strain, warns Red Canary. It is possible that the malware is able to detect researchers analyzing its behavior and simply avoids delivering its second-stage payloads to these systems.

The large number of infected systems clearly suggests that this is a very serious threat and not just spot testing by some threat actor.

Silver Sparrow supports M1 chips

In addition, the malware can also infect macOS systems running on Apple’s latest M1 chip architecture, once again confirming that this is a new and well-maintained threat.

In fact, Silver Sparrow is the second malware strain discovered that can run on M1 architectures after the first was discovered four days ago, showing exactly how state-of-the-art this new threat is.

“While we have yet to observe Silver Sparrow delivering additional malicious payloads, its compatibility with forward-looking M1 chips, global reach, relatively high infection rate, and operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at all times,” Lambert warned in his report.

“Given these areas of concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry as soon as possible.”

The Red Canary report contains indicators of compromise, such as files and file paths created and used by the malware, which can be used to detect infected systems.
