Security researchers at Malwarebytes and Red Canary have discovered malware that was surreptitiously installed on nearly 30,000 Macs. They said the cluster of malware, which they named “Silver Sparrow,” could present a major security threat to Mac owners.
They noted that it’s designed to run on all Mac platforms (including newer Macs based on Apple’s own M1 chip) and that it has a high and far-reaching infection rate. For these reasons, the team concluded that Silver Sparrow is “a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.”
At this point, the researchers don’t know what kind of payload the malware has been designed to deliver. Another frightening facet is that it appears to have been designed to erase itself from a host computer -- a mechanism typically reserved for high-stealth operations
Additionally, the researchers found that the malware uses Amazon Web Services and the Akamai content delivery network. This gives it the ability to receive commands from whoever created it.
In a blog post, Red Canary offered a detailed technical analysis of the newly discovered malware. At the end of the report, it outlines indicators of compromise to help consumers determine whether their Mac has been infected. The team said there’s no indication that the malware has yet been used for malicious purposes.
Apple has been alerted to the issue and has revoked the binaries, meaning no more users will be able to install it accidentally. However, the malware is still on close to 30,000 Macs in 153 countries.
“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints... and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” says Patrick Wardle, a macOS security expert, according to Ars Technica.
“That’s pretty widespread... and yet again shows the macOS malware is becoming ever more pervasive and commonplace, despite Apple’s best efforts.”