Security researchers have discovered a new strain of macOS malware dubbed “Silver Sparrow” that has secretly infected nearly 30,000 Apple Mac devices.
Researchers from Red Canary, with contributions from Malwarebytes and VMWare Carbon Black, spotted and analyzed the previously undetected operation in a report released last week.
As of February 17, Silver Sparrow has infected devices in 153 countries, including those in the United States, the United Kingdom, Canada, France and Germany.
Tony Lambert of Red Canary noted that Silver Sparrow uses JavaScript for execution and includes a related binary compiled for Apple’s new M1 ARM64 chip architecture. The security team had never before seen these features in any other macOS malware.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Lambert wrote in a recent blog post.
The report includes technical details on two Silver Sparrow malware samples.
The first sample contains a Mach-O binary compiled for the Intel x86_64 architecture only. The second sample is also a Mach-O binary, but it is compiled for both the Intel x86_64 and M1 ARM64 architectures. The experts say the latter is significant given that researchers have discovered very few threats against the young M1 ARM64 architecture.
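A defender triaging a suspicious Mach-O file wants to know exactly the distinction the report draws: whether the image is a single-architecture (thin) x86_64 binary or a universal (fat) binary that also carries an arm64 slice. The parser below is an added example, not code from the Red Canary report; the two sample headers at the bottom are constructed to exercise both cases and are not bytes from the Silver Sparrow samples.

```python
import struct

FAT_MAGIC = 0xCAFEBABE        # universal ("fat") wrapper; all fields big-endian
MH_MAGIC_64 = 0xFEEDFACF      # thin 64-bit Mach-O; fields little-endian on x86_64/arm64
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def macho_architectures(data: bytes) -> list:
    """Return the CPU architectures declared by a Mach-O header.

    Handles thin 64-bit images and universal (fat) wrappers. Returns [] for
    anything that is not recognisably a Mach-O image.
    """
    if len(data) < 8:
        return []
    magic_be, = struct.unpack(">I", data[:4])
    if magic_be == FAT_MAGIC:
        nfat, = struct.unpack(">I", data[4:8])
        # Java class files share 0xCAFEBABE; a real fat header has a tiny slice count.
        if nfat == 0 or nfat > 32:
            return []
        archs = []
        for i in range(nfat):
            off = 8 + 20 * i              # struct fat_arch is five uint32 fields (20 bytes)
            if off + 20 > len(data):
                break                     # truncated header: report what we could read
            cputype, = struct.unpack(">I", data[off:off + 4])
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    magic_le, = struct.unpack("<I", data[:4])
    if magic_le == MH_MAGIC_64:
        cputype, = struct.unpack("<I", data[4:8])   # mach_header_64.cputype follows the magic
        return [CPU_NAMES.get(cputype, hex(cputype))]
    return []


def targets_apple_silicon(data: bytes) -> bool:
    """True when the image can run natively on M1 (contains an arm64 slice)."""
    return "arm64" in macho_architectures(data)


# Constructed sample headers (offsets/sizes are placeholders, not real slices):
# a fat header with x86_64 + arm64 slices, and a thin x86_64-only header.
FAT_X86_ARM64 = (struct.pack(">II", FAT_MAGIC, 2)
                 + struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0x4000, 0x1000, 14)
                 + struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0x8000, 0x1000, 14))
THIN_X86 = struct.pack("<IIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3, 2)
```

Run it over the first 8 + 20·n bytes of any file you are assessing; on a real system `file(1)` or `lipo -archs` gives the same answer, but the parser shows which header fields the answer comes from.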
This recent news comes on the heels of other macOS malware threats such as ThiefQuest, the OceanLotus campaign, OSX.Dummy and ElectroRAT, to name a few.
Readers can check out the full report for more details on the JavaScript installer, the malware samples, command and control (C2) infrastructure and indicators of compromise (IoCs).