New malware found on 30,000 Macs has security pros stumped - Ars Technica

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown.

Besides those questions, the malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so.

Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Red Canary researchers wrote in a blog post published on Friday.

Once installed, Silver Sparrow searches for the URL the installer package was downloaded from, most likely so the malware operators will know which distribution channels are most successful.

In that regard, Silver Sparrow resembles previously seen macOS adware.

Among the most impressive things about Silver Sparrow is the number of Macs it has infected.

Red Canary researchers worked with their counterparts at Malwarebytes, with the latter group finding Silver Sparrow installed on 29,139 macOS endpoints as of Wednesday.