A mysterious malware has been found that has targeted more than 30,000 Macs globally so far. Researchers are unclear on the purpose of this malware, as it does not carry a payload. The malware phones home once an hour to check for commands to execute; however, none of the infected machines has so far been observed downloading a payload from the control servers.
The malware also features a self-destruct mechanism that has not been used so far; it has the capability to remove itself completely without leaving any trace. Researchers say that such mechanisms are primarily used for stealth operations, which might point towards the malware being backed by a major actor.
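The hourly check-in described above is the kind of behaviour a defender can hunt for in proxy or DNS logs. The following is an added example, not code from the article or from Red Canary: it groups connections by source host and destination and flags pairs whose inter-connection gaps cluster tightly around one hour. The log format, host names and destinations are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not from the article): timestamp, source host, destination.
SAMPLE_LOG = """\
2021-02-18T09:00:03Z host-a updates.example-cdn.test
2021-02-18T09:12:44Z host-a www.example.test
2021-02-18T10:00:07Z host-a updates.example-cdn.test
2021-02-18T10:31:10Z host-b www.example.test
2021-02-18T11:00:01Z host-a updates.example-cdn.test
2021-02-18T11:45:55Z host-b www.example.test
2021-02-18T12:00:05Z host-a updates.example-cdn.test
2021-02-18T13:00:02Z host-a updates.example-cdn.test
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    series = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        ts, host, dest = m.groups()
        series[(host, dest)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return series


def find_periodic_beacons(series, period=3600, tolerance=60, min_hits=4):
    """Return (host, dest) pairs whose gaps between connections average close to
    `period` seconds with little spread. Low spread is what separates an automated
    check-in from human browsing, which produces irregular gaps."""
    hits = []
    for key, times in series.items():
        times = sorted(times)
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits.append(key)
    return hits


if __name__ == "__main__":
    for host, dest in find_periodic_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible hourly beacon: {host} -> {dest}")
```

On the sample data only host-a's hourly contact with updates.example-cdn.test is flagged; the tolerance and minimum-hit thresholds should be tuned to the log volume and legitimate update traffic of the environment.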
The second malware for M1 chips has been discovered
As per Red Canary researchers, the malware has been dubbed “Silver Sparrow” and has been found in 143 countries, including the United States, UK, Canada, France, and Germany. It is served using Amazon Web Services and the Akamai CDN, which ensures that it cannot easily be blocked around the world. Researchers have also found that the malware is optimized for M1 chips, which makes it the second known malware designed for them.
Researchers have also stated that it is unclear how the malware is distributed or installed on target systems. One possibility is that it poses as a legitimate app or piggybacks on other infected downloads to install silently on the host machine.
Despite the malware’s current state, in which it has caused no disruption, it is a very serious threat, as it could be activated at any time to fulfill its purpose.
Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.
For now, Apple has revoked the developer certificate used to sign the malware’s binaries, which should stop them from executing on macOS. However, the sophisticated nature of the malware is definitely something to be concerned about.