Malware 'Silver Sparrow' targeting 30,000 Macs including M1 Macs revealed
Security researchers have discovered malware that affects nearly 30,000 Macs, including computers with Apple's M1 chips. A Mac infected with the malware, called 'Silver Sparrow', checks a control server once an hour, but what this is for remains a mystery, and the malware has drawn attention because no one knows whether or how it will pose a threat.
Silver Sparrow macOS malware with M1 compatibility
https://redcanary.com/blog/clipping-silver-sparrows-wings/
New malware found on 30,000 Macs has security pros stumped | Ars Technica
https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/
It has generally been said that 'Macs are less likely to be the target of hacking and attacks', but this is largely due to the Mac's smaller market share compared with Windows, and as the Mac's share increases, it is becoming a more likely target of attacks.
It turns out that the detection rate of malware targeting Mac devices has increased significantly - GIGAZINE
According to a newly released report by the security company Red Canary, malware called 'Silver Sparrow' that infects 30,000 Macs around the world has been discovered. Macs infected with Silver Sparrow check the control server once an hour to see if there are any new commands or binaries that the malware should execute, but so far the delivery of a payload has not been confirmed. The fact that no payload has been confirmed means that the malware can take some action if certain conditions are met.
Another interesting thing the researchers report is that the malware has a 'mechanism to completely remove itself.' Such a function is usually seen in highly stealthy operations, but there was no evidence that it had been used at the time the report was written, and why the malware has a self-deletion mechanism is a mystery. In addition, Silver Sparrow uses the macOS installer API to execute commands, which is said to be a feature not found in conventional malware.
Silver Sparrow has been confirmed in 153 countries, but infections mainly occur on Macs in the United States, United Kingdom, Canada, France, and Germany. Researchers have not yet confirmed that Silver Sparrow delivers malicious payloads, but in view of its compatibility with M1 chips, global spread, relatively high infection rate, and operational maturity, they consider it a serious threat because it is in a position to make a big impact when that time comes.
Note that Apple has already removed the offending binaries, and Red Canary lists signs of intrusion at the end of its report for those who want to know if their Mac is infected.