
30,000 Macs Infected with Mysterious Malware

Arvind Datta
Arvind is a recluse who prefers staying as far away from the limelight as possible. Be that as it may, he keeps a close eye on what's happening and reports on it to keep people rightly informed.
Published: February 25, 2021

Security researchers from Red Canary and Malwarebytes discovered that 30,000 Apple Macs were infected by a mysterious malware piece cunningly hidden in the systems.

The malware ‘Silver Sparrow’ was aimed at delivering an unknown payload. It sported a mechanism that enables the malware to self-destruct and delete all traces of its existence. Researchers are still trying to ascertain its purpose and the aim of the self-destruct mechanism.

Researchers discovered the malware in systems from 153 countries; the highest infection counts were in the U.S., Canada, the UK, Germany, and France. The malware uses the AWS and Akamai content delivery networks to make its servers difficult to block. Silver Sparrow comes in two variants.

The first is targeted at Intel x86_64 processors. The second runs on the M1 chip that Apple introduced in November. Silver Sparrow is the second malware with code running natively on the M1 chip, which makes the code more reliable and faster. The malware uses the macOS Installer JavaScript API to execute commands, making it difficult for researchers to analyze the installation package’s contents and how it uses the commands.

The malware’s purpose is unknown

Once installed on a Mac, the malware checks the control server once every hour to see if there are any new commands to execute. Given the lack of a final payload, some have suggested that the malware might be triggered once a condition is met.
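The hourly check-in described above is the kind of behaviour a defender can look for in outbound connection logs. The following is an added example, not code from the article or from the Red Canary/Malwarebytes research: it flags source/destination pairs whose connections recur at a near-fixed interval, using constructed sample log lines with placeholder host names rather than any real indicator.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines: "<timestamp> <src_host> <dest_host>".
# Host and destination names are placeholders, not real indicators.
SAMPLE_LOG = """\
2021-02-20T00:00:05 mac-a updates.example-cdn.test
2021-02-20T01:00:07 mac-a updates.example-cdn.test
2021-02-20T02:00:04 mac-a updates.example-cdn.test
2021-02-20T03:00:09 mac-a updates.example-cdn.test
2021-02-20T00:12:00 mac-b mail.example.test
2021-02-20T00:13:30 mac-b mail.example.test
2021-02-20T05:40:00 mac-b mail.example.test
2021-02-20T09:01:00 mac-b mail.example.test
"""

def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns

def find_beacons(text, expected_secs=3600, tolerance=0.05, min_hits=4):
    """Return (src, dst) pairs whose gaps cluster tightly around expected_secs.

    tolerance is the allowed relative jitter: a 5% window around an hour is
    roughly +/-3 minutes, enough for scheduler drift but not for human
    browsing, which produces irregular gaps (see mac-b in the sample).
    """
    hits = []
    for key, times in parse_log(text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if abs(avg - expected_secs) <= expected_secs * tolerance \
                and pstdev(gaps) <= expected_secs * tolerance:
            hits.append(key)
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))  # [('mac-a', 'updates.example-cdn.test')]
```

On real proxy or DNS logs, expected_secs and tolerance would be tuned to the environment, and any hit is a lead for triage rather than a verdict on its own.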

The researchers have found no indication of the self-destruct mechanism being used, which raises the question of why such code was built into the malware. The fact that Silver Sparrow has infected nearly 30,000 Macs is a massive achievement, indicating that malware targeting macOS is becoming more widespread.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later,” the Red Canary researchers posted.

Hacking iPhones

While Macs are becoming more vulnerable to hackers, Apple said it is making its iPhones even more impervious to third-party intrusion. The next version of iOS, 14.5, will include a change that makes it harder for hackers to take control of iPhones through zero-click vulnerabilities.


Such exploits let hackers break into iPhones without requiring any interaction from the target. One security researcher said that many iPhone hackers are worried that their techniques, developed over many years, will soon become obsolete.

However, this doesn’t mean that iPhones will become unhackable. Instead, hackers will now have to find new ways to break through the phone’s security.

“When there’s a will there’s a way—there’s always going to be bugs of some sort, whether that be in PAC (Pointer Authentication Codes) or whether it be a completely different exploitation strategy… This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off,” developer Jamie Bishop told Vice.
