Sunday, April 18, 2021

    Silver Sparrow: Mysterious malware discovered on 29,000+ Macs

    The software designed for Intel and ARM Macs has a self-destruct function and regularly contacts command servers, but so far does nothing.

    Security researchers have discovered new malware that has already made its home on Macs. So far, however, it has done nothing except wait for further orders. The malware, called Silver Sparrow, arrives on Macs as an installation package and evidently has to be installed by the user first. There is both an “updater.pkg”, which is designed for Intel Macs, and an “update.pkg”, which delivers a program adapted for Intel and ARM Macs in the standard Mach-O binary format, as the security company Red Canary explained.


    Malware has not yet received any new commands

    According to the security company’s analysis, the program is nothing more than a “viewer”: if it is opened, it simply shows either “Hello, World!” or “You did it!”. The malware uses the JavaScript interface of the macOS installer to execute shell scripts and to settle permanently on the system as a LaunchAgent. Silver Sparrow contacts a command server every hour to download and execute additional content. The tool was observed for over a week, but no payload was ever delivered, which is why the purpose of the malware remains a mystery, according to the security researchers.

    The AV tool Malwarebytes was able to detect an infection with Silver Sparrow on more than 29,000 Macs by mid-February; the malware was particularly frequently installed on Macs in the USA, Great Britain, Canada, France and Germany.

    Certificate withdrawn by Apple

    It is unclear how the installation package is delivered. The security researchers suspect that it is sold through various channels and disguised as legitimate Mac software that is offered for download on Macs via manipulated advertising banners or search results. Apple has apparently withdrawn the developer certificates used by the installation packages for signing.

    What is unusual for malware this widespread is that it has a self-destruct routine that is supposed to remove it from an infected Mac without a trace. According to the security researchers, this has apparently not been triggered so far. Such techniques are otherwise more typical of malware targeted at individuals.

    [Update 02/22/2021 6:20 pm] The following files can be found on an infected Mac and are considered “indicators of compromise”, as the security researchers write:

    /tmp/agent.sh
    /tmp/version.json
    /tmp/version.plist
    ~/Library/._insu
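    As an added example that is not part of the article or of Red Canary's analysis, the following POSIX shell script turns the indicator list above and the LaunchAgent persistence described earlier into a read-only triage check. The four file paths are taken from the list; everything else (the function names, the choice of ~/Library/LaunchAgents as the directory to inspect, and the rule that a LaunchAgent plist referencing a program under /tmp deserves a manual look) is an assumption of this example, not something the article states. The root directories are parameters so the same functions can be run against a constructed directory tree as well as a live Mac.

```shell
#!/bin/sh
# Added triage example (not the article's or Red Canary's code).
# Reports, without modifying anything, whether the Silver Sparrow indicator
# files from the article exist, and whether any user LaunchAgent points at a
# program under /tmp (the malware keeps its script there and persists as a
# LaunchAgent; treating such a reference as suspicious is this example's own
# heuristic).

# Print each indicator file that exists, one per line.
#   $1 = directory standing in for /tmp      (default: /tmp)
#   $2 = directory standing in for the home  (default: $HOME)
find_silver_sparrow_iocs() {
    tmp_root="${1:-/tmp}"
    home_root="${2:-$HOME}"
    for path in \
        "$tmp_root/agent.sh" \
        "$tmp_root/version.json" \
        "$tmp_root/version.plist" \
        "$home_root/Library/._insu"
    do
        [ -e "$path" ] && printf '%s\n' "$path"
    done
    return 0
}

# Print each user-level LaunchAgent plist whose contents mention /tmp/.
# Legitimate agents rarely run programs from /tmp, so each hit is worth
# opening by hand (assumed heuristic, see the lead-in).
#   $1 = directory standing in for the home  (default: $HOME)
suspicious_launchagents() {
    home_root="${1:-$HOME}"
    dir="$home_root/Library/LaunchAgents"
    [ -d "$dir" ] || return 0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        # -a treats binary plists as text so ASCII strings inside still match
        if grep -a -q '/tmp/' "$plist" 2>/dev/null; then
            printf '%s\n' "$plist"
        fi
    done
    return 0
}

# Total number of findings from both checks; handy for automation.
#   $1 = /tmp stand-in, $2 = home stand-in (both optional)
silver_sparrow_hit_count() {
    { find_silver_sparrow_iocs "$1" "$2"; suspicious_launchagents "$2"; } \
        | wc -l | tr -d ' '
}

# Stand-alone use: check the live system with the default roots.
echo "Indicator files present:"
find_silver_sparrow_iocs
echo "LaunchAgents referencing /tmp/:"
suspicious_launchagents
echo "Total findings: $(silver_sparrow_hit_count)"
```

    Run it as the affected user, since the home-relative paths are resolved from $HOME; a non-zero total means the machine warrants a closer look rather than proof of infection, because the /tmp heuristic can also flag legitimate but sloppy agents.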
