Security researchers have identified a new piece of malware that targets Mac devices and has infected nearly 30,000 systems. The malware, called Silver Sparrow, was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMware Carbon Black.
"According to data provided by Malwarebytes, Silver Sparrow has infected 29,139 macOS endpoints in 153 countries since February 17 - some of which were the United States, the United Kingdom, Canada, France and Germany," wrote Red Canary's Tony Lambert in a report published last week.
However, despite the large number of infections, details on how the malware is distributed and how users were infected are still not available. It is not clear whether Silver Sparrow was hidden in malicious ads, pirated applications or fake Flash updates - the classic distribution vectors for most Mac malware strains.
In addition, the purpose of this malware is also unclear and researchers do not know what its ultimate goal is.
Once Silver Sparrow infects a system, the malware waits for new commands from its operators - commands that never arrived during the time the researchers spent analyzing it, hoping to learn more about its internal workings before releasing their report.

But this should not be interpreted as a failed malware strain, warns Red Canary. It is possible that the malware detects researchers analyzing its behavior and simply avoids delivering its second-phase payload to those systems.
The large number of infected systems clearly indicates that this is a very serious threat and not just one-off tests by some hacker.
In addition, the malware also comes with support for infecting macOS systems running on Apple's latest M1 chip, confirming once again that this is a new threat.
In fact, Silver Sparrow is the second malware strain discovered that can run on an M1 chip, after the first was discovered just four days earlier.
The Red Canary report contains various information, such as archives and file paths that were created and used by the malware, which can be used to detect infected systems.
Source of information: zdnet.com