Malware

Silver Sparrow malware infected around 30,000 Apple Macs

0

Security researchers have discovered a previously undetected malware that was found in about 30,000 Macs running Intel x86_64 and the Apple’s M1 processors.

Cybersecurity firm Red Canary said that two versions of the malware which has been named “Silver Sparrow,” were identified. One compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 (version 1), while a second variant submitted to the database on January 22 which is compatible with both Intel x86_64 and M1 ARM64 architectures (version 2).

The x86_64 binary, on execution shows the message “Hello, World!” and the M1 binary reads “You did it!”

Tony Lambert of Red Canary said that the Mach-O compiled binaries don’t seem to do all that much and so are called ‘bystander binaries.’

It is not known what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.

The infected 29,139 macOS endpoints are located across 153 countries mostly detected in the U.S., the U.K., Canada, France, and Germany.

Even though there are differences in the targeted macOS platform, the two samples follow the same modus operandi: using the macOS Installer JavaScript API to execute attack commands by dynamically generating two shell scripts that are written to the target’s file system.

While “agent.sh” executes immediately at the end of the installation to inform an AWS command-and-control (C2) server of a successful installation, “verx.sh” runs once every hour, contacting the C2 server for additional content to download and execute.

The malware also has the capability to completely erase its presence from the compromised host.

In response to the findings, Apple has revoked the binaries that were signed with the Apple Developer ID’s Saotia Seay (v1) and Julie Willey (v2), thus preventing further installations.

Lambert added that even though they haven’t found Silver Sparrow delivering additional malicious payloads so far, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a serious threat that could deliver a potentially impactful payload at any time.

Image Credits : Patently Apple

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Brave browser leaks onion addresses in DNS traffic

    Previous article

    Google alerts abused to deliver fake Adobe Flash updater

    Next article

    You may also like

    More in Malware

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *