Security researchers from Red Canary and Malwarebytes discovered that 30,000 Apple Macs were infected by a mysterious malware piece cunningly hidden in the systems.
The malware ‘Silver Sparrow’ was aimed at delivering an unknown payload. It sported a mechanism that enables the malware to self-destruct and deletes all traces of its existence. Researchers are still trying to ascertain what its purpose was and its aim of the self-destruct mechanism.
Researchers discovered the malware in systems from 153 countries; the highest infections were in the U.S, Canada, UK, Germany, and France. The malware uses AWS and Akamai content delivery networks to make it difficult to block the servers. Silver Sparrow comes in two variants.
The first is targeted at Intel x86_64 processors. The second one runs on the M1 chip that Apple introduced in November. Silver Sparrow is the second malware that has code running natively on the M1 chip, ensuring that the code is more reliable and operates faster. The malware uses macOS Installer JavaScript API to execute commands, making it difficult for researchers to analyze the installation package’s contents and the way it uses the commands.
The malware’s purpose is unknown
Once the malware is installed in the Macs, they check the control server once every hour to see if there are any new commands to execute. Given the lack of a final payload, some have suggested that the malware might be triggered once a condition is met.
Success
You are now signed up for our newsletter
Success
Check your email to complete sign up
The researchers have found no indication of the self-destruction mechanism being used, which raises the question as to why such a code was built into the malware. The fact that Silver Sparrow has infected nearly 30,000 Macs is a massive achievement, indicating that malware targeted at macOS is becoming more widespread.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later,” the Red Canary researchers posted.
Hacking iPhones
While Macs are becoming more vulnerable to hackers, Apple said it is making its iPhones even more impervious to third-party intrusion. The next version of iOS, which is 14.5, will have an update that will make it harder for hackers to take control of iPhones through zero-click vulnerabilities.
Such exploits were used by hackers to break into iPhones without requiring any interaction from the target. One security researcher said that many iPhone hackers are getting worried that their techniques, which have been developed over many years, will soon become obsolete.
However, this doesn’t mean that iPhones will become unhackable. Instead, the hackers will now have to find new ways to break through the phone’s security.
“When there’s a will there’s a way—there’s always going to be bugs of some sort, whether that be in PAC (Pointer Authentication Codes) or whether it be a completely different exploitation strategy… This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off,” developer Jamie Bishop told Vice.
Follow us on Twitter or subscribe to our email list