Researchers have found a new and puzzling piece of malware that is already widespread. The malware has been named Silver Sparrow.
The software was discovered by research firm Red Canary and has since been investigated by Malwarebytes and VMware Carbon Black. According to those researchers, the malware is very different from the more typical ‘adware’ found on Macs.
It has now been found on some 30,000 computer systems in 153 different countries, including the United States, the United Kingdom, Canada, France and Germany. That includes devices with Apple's new M1 chip. Apple says it is working on ways to mitigate potential damage from the malware.
It is not yet clear what exactly Silver Sparrow does. The software appears to contact a command-and-control server every hour and wait for new instructions, which have not yet arrived. In the code, researchers also found a mechanism that removes the malware itself, hiding its existence.
So it appears to be code that acts as the first stage of a more elaborate piece of malware, paving the way for installing the actual payload. Such payloads are often, for example, ransomware that encrypts files or adware that opens pages on infected computers to generate ‘clicks’ for the malware's operator.
That ‘payload’ does not appear to have been downloaded anywhere by Silver Sparrow yet, which adds to the confusion. It is also not entirely clear how the malware reached those 30,000 computers. Researchers could not determine whether it arrived through, for example, malicious ads, apps or fake Flash updates. These are the most common distribution methods for Mac malware.