20 February 21, 11:45
Quote: Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform.
Curiously, in the samples seen so far by analysts at Red Canary, the malware (dubbed Silver Sparrow) has been executing on victim machines with the final payload yet to be determined. It appears to be lying in wait for further instructions, which is worrying because it’s clear that the authors are advanced and sophisticated adversaries, researchers said.
Silver Sparrow has taken flight in any event: As of February 17, this fresh entry to the malware scene had already infected 29,139 macOS endpoints across 153 countries, according to researchers – primarily in Canada, France, Germany, the United Kingdom and the United States.
Apple released the M1 system-on-a-chip (SoC) last fall, marking the first time that the tech giant has created its own desktop/laptop silicon. The pivot from the Intel chips that Macs used before comes with a few benefits, such as faster performance for native applications. It also integrates a graphics processor, a machine-learning neural engine and the company’s T2 security chip. And, it uses ARM architecture, which usually powers mobile or portable devices. The smaller ARM profile translates into lower power consumption, and, Apple says, double the battery life.
With new Macs starting to roll out, cybercriminals are now turning their attention to these M1-powered targets, as evidenced by the emergence of a rebooted “Pirrit” adware detailed by Patrick Wardle this week. And now, the Silver Sparrow malware family has appeared on the scene – a brand-new malware built for the Mac M1 ecosystem, researchers said.
Silver Sparrow is very likely an adware, according to researchers at Red Canary. It has two versions – one that targets Intel-based Macs, and one that is built to infect both the older and M1-based devices. Most notably, it uses JavaScript for execution – a rarity in the macOS malware world.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” researchers said in a posting on Thursday.
Read more: https://threatpost.com/silver-sparrow-ma...cs/164121/