Silver Sparrow Malware Hatched on 30,000 Macs

www.technewsworld.com
Nearly 30,000 Macs have been infected with a new malware strain. Discovered by researchers at Red Canary, the malware has been sitting on its hosts waiting for a payload that never arrived. In a statement provided to TechNewsWorld, Apple said that upon discovering the malware, it revoked the certificates of the developer accounts used to sign the packages, preventing new machines from being infected.

Nearly 30,000 Macs in 153 countries have been infected with a new malware strain that security researchers are calling Silver Sparrow.

Discovered by researchers at Red Canary, the malware has been sitting on its hosts waiting for a payload that never arrived.

"Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice," Red Canary Intelligence Analyst Tony Lambert wrote in a company blog Thursday.

Although researchers at Malwarebytes have identified 29,139 macOS endpoints infected by Silver Sparrow, many more machines could be hit by the malicious software, maintained Tony Anscombe, chief security evangelist at Eset.

"Based on what was first seen, the malware may be more widespread than is called out in the disclosure," he told TechNewsWorld. "The 30K number comes from a single security vendor as opposed to the entire macOS environment."

However, Malwarebytes Director of Mac and Mobile Thomas Reed maintained the bad app may be coming to light as it's about to go dark.

"This may be an infection that's already run its course," he told TechNewsWorld.

"There's a file that triggers the malware to self-delete," he explained. "That file is making up most of our detections at the moment. The creator seems to be sending the self-destruct command now."

Blocked by Apple

In a statement provided to TechNewsWorld, Apple said that upon discovering the…