Security researchers have discovered previously unknown malware on almost 30,000 Mac systems around the world. Despite how widely it has spread, the researchers have yet to observe it deliver a payload to the infected machines.
The malware, dubbed Silver Sparrow, is designed with a self-destruct mechanism that might remove any trace of its existence. So far it has been detected in 153 nations, with more cases found in the US, UK, Canada, Germany and France.
A report released by security company Red Canary includes indicators of compromise, such as the files and file paths created and used by Silver Sparrow, that can be used to identify infected systems.
Silver Sparrow Malware
The newly found malware was first detected by Red Canary and jointly analyzed by researchers at Malwarebytes and VMware Carbon Black.
Red Canary's Tony Lambert wrote in a blog post: "According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17."
Despite the high number of infections, neither Red Canary nor its research partners observed a final payload, leaving the ultimate goal of the malware activity a mystery. It is also unclear whether Silver Sparrow was hidden inside malicious adverts, pirated apps or fake Flash updaters.
The objective behind the malware is likewise unclear. The researchers did, however, notice two different versions of it: one built primarily for Intel-powered Macs and the other compiled specifically for Apple's new M1 chipset.
After infecting a system, Silver Sparrow waits for a new command from its operators. The researchers noticed that no command ever arrived while they were analyzing it. That does not mean this was a failed malware strain, Red Canary clarified.
It is possible that the malware can detect when researchers are analyzing its behavior and, for that reason, avoids delivering payloads to those systems.
Lambert warned that although the researchers have not yet seen the malware deliver a malicious payload, its global reach, forward-looking M1 chip compatibility, high infection rate and operational maturity suggest that Silver Sparrow is a "reasonably serious threat". He also wrote that it is "uniquely positioned to deliver a potentially impactful payload at a moment's notice."
"Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later," added Lambert.