Security researchers have discovered a previously unknown strain of malware that affects Mac users around the world, including newer M1-powered devices. Red Canary researchers say that this “Silver Sparrow” malware checks in with a command and control server once an hour.
As reported by Ars Technica, researchers have yet to observe the actual “delivery of any payload” on infected machines, so the ultimate goal of this malware is unknown. “The lack of a final payload indicates that the malware may go into operation once an unknown condition has been met.”
The malware also comes with its own “self-destruct” mechanism, but there is no evidence that it has been used yet. Silver Sparrow has been found on 29,139 macOS endpoints worldwide.
The malicious binary is even more mysterious, as it uses the macOS Installer JavaScript API to execute commands. This makes it difficult to analyze the contents of the installation package or the way the package uses JavaScript commands.
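As an added defensive example (not from the article or from Red Canary), the following Python audit parses a pkg Distribution file and flags `<script>` blocks that call the Installer JavaScript API's `system.run()`, noting which pre-install hooks (`installation-check`, `volume-check`) wire those functions in. The hook names and `system.run` come from Apple's Distribution format; both sample files are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Installer JavaScript API call that executes a program at install time.
SYSTEM_RUN_RE = re.compile(r"system\.run\s*\(")
# JavaScript function declarations inside a <script> block.
FUNC_DEF_RE = re.compile(r"function\s+(\w+)\s*\(")
# Distribution hooks that Installer evaluates before any payload is written.
HOOK_TAGS = ("installation-check", "volume-check")

def audit_distribution(xml_text):
    """Return one finding per <script> block that calls system.run(): the
    functions it defines, the number of system.run() calls, and which
    pre-install hooks invoke those functions."""
    root = ET.fromstring(xml_text)
    hooks = [(tag, el.get("script") or "")
             for tag in HOOK_TAGS for el in root.iter(tag)]
    findings = []
    for script in root.iter("script"):
        body = script.text or ""          # CDATA is delivered as plain text
        calls = SYSTEM_RUN_RE.findall(body)
        if not calls:
            continue
        funcs = FUNC_DEF_RE.findall(body)
        wired = sorted({tag for tag, expr in hooks
                        if any(expr.startswith(f + "(") for f in funcs)})
        findings.append({"functions": funcs,
                         "system_run_calls": len(calls),
                         "hooks": wired})
    return findings

# Constructed sample Distribution files (not taken from any real package).
SUSPICIOUS_DIST = """<installer-gui-script minSpecVersion="2">
  <installation-check script="checkit()"/>
  <script><![CDATA[
    function checkit() {
      system.run('/bin/sh', '-c', 'echo constructed-sample');
      return true;
    }
  ]]></script>
</installer-gui-script>"""

BENIGN_DIST = """<installer-gui-script minSpecVersion="2">
  <installation-check script="checkit()"/>
  <script><![CDATA[
    function checkit() { return true; }
  ]]></script>
</installer-gui-script>"""
```

Run it on the Distribution file extracted from a downloaded .pkg (`pkgutil --expand`) to see whether any install-time hook can execute commands before the payload is written.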
The malware has been found in 153 countries, with infections concentrated in the US, UK, Canada, France and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures that the command infrastructure works reliably and makes the servers difficult to block.
The Silver Sparrow malware also runs natively on Apple’s M1 chip. This makes it the second piece of malware discovered that is optimized for Apple Silicon, with the first coming earlier this week. This does not mean that M1 Macs are specifically targeted, but that the malware can affect M1 Macs and Intel Macs equally.
The optimization for the M1 chip, along with factors like infection rate and maturity, worries Red Canary researchers:
“Although we have not yet observed Silver Sparrow delivering additional malicious payloads, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity indicate that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share what we know with the infosec industry as soon as possible.”
Again, researchers have not yet seen the binary do anything, but it is a looming threat. You can read more in the Red Canary blog post here.