Security researchers have discovered new malware that has already been installed on Macs. However, so far it has done nothing more than wait for new commands. The malware called Silver Sparrow comes as an installation package on Mac and obviously the user must install it first. There is an “updater.pkg”, which is designed for Intel Macs, and an update.pkg, which delivers a tailored program for Intel and ARM Macs in the standard Mach-O binary format, as explained by security company Red Canary. .
The malware has not yet received any new commands
The program is only a “spectator”, says in the analysis of the security company. If it’s open, it simply shows “Hello world!” or “You did it!” to. The malware uses the macOS installer JavaScript interface to run shell scripts and permanently set itself on the system as a LaunchAgent. Silver Sparrow contacted a command server every hour to upload and run additional content. The tool was observed for more than a week, but the payload was not reloaded, so the target of the malware remains a mystery, according to security researchers.
The Malwarebytes antivirus tool was able to detect a Silver Sparrow infection on more than 29,000 Macs in mid-February; The malware was particularly frequently installed on Macs in the US, Great Britain, Canada, France, and Germany.
Certificate withdrawn by Apple
It is not clear how the installation package is delivered. Security researchers suspect that it is being sold through various channels and masquerading as legitimate Mac software that is offered for download on Mac via rigged banner ads or search results. Apple has apparently removed the developer certificates used by installation packages for signing.
What’s unusual for malware that is so common in nature is that it has a self-destruct routine with which it is supposed to disappear from an infected Mac without a trace. This apparently hasn’t been turned on so far either, according to security researchers. Otherwise, these techniques are more likely to use human-targeted malware.
(lbe)
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
