Security researchers have discovered new malware that has already been installed on Macs. However, so far it has done nothing more than wait for new commands. The malware called Silver Sparrow comes as an installation package on Mac and obviously the user must install it first. There is an “updater.pkg”, which is designed for Intel Macs, and an update.pkg, which delivers a tailored program for Intel and ARM Macs in the standard Mach-O binary format, as explained by security company Red Canary. .
The malware has not yet received any new commands
The Malwarebytes antivirus tool was able to detect a Silver Sparrow infection on more than 29,000 Macs in mid-February; The malware was particularly frequently installed on Macs in the US, Great Britain, Canada, France, and Germany.
Certificate withdrawn by Apple
It is not clear how the installation package is delivered. Security researchers suspect that it is being sold through various channels and masquerading as legitimate Mac software that is offered for download on Mac via rigged banner ads or search results. Apple has apparently removed the developer certificates used by installation packages for signing.
What’s unusual for malware that is so common in nature is that it has a self-destruct routine with which it is supposed to disappear from an infected Mac without a trace. This apparently hasn’t been turned on so far either, according to security researchers. Otherwise, these techniques are more likely to use human-targeted malware.