
Alarming macOS malware found on over 30,000 computers (including M1 Macs) – Review Geek




Security researchers at Red Canary have discovered a mysterious new malware on nearly 30,000 Macs, although the actual number of infected computers is likely much higher. It appears that the malware, nicknamed Silver Sparrow, is waiting for the right time to deliver a malicious payload to its host devices. It is one of the first viruses to run natively on both Intel and M1 Macs.

Silver Sparrow has not damaged any computers yet, but checks a monitoring server every hour for new commands. Without access to this control server, we cannot know the purpose behind Silver Sparrow. That said, it is alarming that someone is waiting to “activate” the malware.

Figure: A diagram showing each version of the macOS malware and how it works. (Credit: Red Canary)

Another alarming factor is Silver Sparrow’s unique, ingenious design. It is divided into two unique packages, named updater.pkg and update.pkg. While macOS malware usually relies on preinstall or postinstall scripts to run commands, these packages execute commands through the less transparent JavaScript API. Of all the malware Red Canary has come across, it says that Silver Sparrow is the only one that uses the JavaScript API.
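Because these packages run commands from installer JavaScript rather than from preinstall or postinstall scripts, reviewing only a package's scripts misses the behaviour. The sketch below is an added example, not code from Review Geek or Red Canary: it audits the Distribution file of an already expanded package (for instance via `pkgutil --expand`) for process-launching JavaScript calls. The function name `audit_distribution` and both sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Installer JavaScript calls that launch a process from the Distribution file.
EXEC_CALL = re.compile(r"\bsystem\s*\.\s*(?:runOnce|run)\s*\(")
# Elements whose script="..." attribute makes the installer evaluate JavaScript.
HOOK_TAGS = ("installation-check", "volume-check")

def audit_distribution(distribution_xml):
    """Report JavaScript hooks and process-launching calls in a Distribution file."""
    root = ET.fromstring(distribution_xml)
    hooks = [el.get("script") for el in root.iter()
             if el.tag in HOOK_TAGS and el.get("script")]
    js = "\n".join(s.text or "" for s in root.iter("script"))
    calls = [ln.strip() for ln in js.splitlines() if EXEC_CALL.search(ln)]
    # Legitimate installers sometimes do this too, so the result is a
    # "needs human review" flag, not a verdict.
    return {"hooks": hooks, "exec_calls": calls, "review": bool(calls)}

# Constructed sample: commands run from JavaScript, no pre/postinstall script.
SAMPLE_FLAGGED = """<installer-gui-script minSpecVersion="1">
  <title>Example Updater</title>
  <installation-check script="installation_check()"/>
  <script><![CDATA[
function installation_check() {
    system.run("/usr/bin/true");
    return true;
}
  ]]></script>
</installer-gui-script>"""

# Constructed sample: JavaScript present, but it launches nothing.
SAMPLE_QUIET = """<installer-gui-script minSpecVersion="1">
  <title>Example App</title>
  <installation-check script="installation_check()"/>
  <script>function installation_check() { return true; }</script>
</installer-gui-script>"""

if __name__ == "__main__":
    for name, doc in (("flagged", SAMPLE_FLAGGED), ("quiet", SAMPLE_QUIET)):
        print(name, audit_distribution(doc))
```
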

Once installed, Silver Sparrow will look up the URL it was downloaded from, probably to help the designers keep track of which infection methods are most effective. Interestingly, Silver Sparrow relies on AWS S3 and Akamai CDN cloud services for file distribution, suggesting that the designers have experience with web servers and cloud computing. Cloud distribution is more resilient than single-server distribution methods, and leveraging popular cloud infrastructure such as AWS allows malware developers to “blend” into mainstream web traffic.

Red Canary partnered with Malwarebytes and found the Silver Sparrow virus on nearly 30,000 computers. Of course, this is just the number of infected computers that Malwarebytes can access; the actual number of infected computers is probably much higher. Scroll to the bottom of Red Canary’s report if you want to hunt for Silver Sparrow on your Mac, or use Malwarebytes antivirus software to scan your computer for the virus.

Source: Red Canary via Ars Technica



