Silver Sparrow (malware)
Silver Sparrow | |
---|---|
Technical name | Version 1: updater.pkg; Version 2: update.pkg |
Type | computer virus |
Technical details | |
Platform | macOS |
Size | Version 1: 53.13 KB; Version 2: 72.08 KB |
The Silver Sparrow computer virus is malware that runs on x86- and Apple M1-based Macintosh computers.[1][2] Engineers at the cyber security firm Red Canary detected two versions of the malware in January and February 2021.[3]
Description
Two versions of the malware were reported. The first version (described as the "non-M1" version) is compiled for Intel x86-64. It was first detected in January 2021.[3] The second version contains code that runs natively on Apple's proprietary M1 processor, and was probably released in December 2020 and discovered in February 2021.[4][3] The virus connects to a server hosted on Amazon Web Services.[5] The software includes a self-destruct mechanism.[1]
As of 23 February 2021, information about how the malware is spread and which systems may be compromised is sparse. It is uncertain whether Silver Sparrow is embedded inside malicious advertisements, pirated software, or bogus Adobe Flash Player updaters. Red Canary has theorized that systems could have been infected through malicious search engine results that might have directed users to download the code.[3] The ultimate objective of the malware's release is also still unknown.[3]
Silver Sparrow is the second piece of malware observed to include M1-native code.[6]
Impact
As of 23 February 2021, Internet security company Malwarebytes had found over 29,000 Macs worldwide running its anti-malware software to be infected with Silver Sparrow.[7] Silver Sparrow-infected Macs had been found in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France, and Germany, according to data from Malwarebytes.[1] Over 39,000 Macs were affected at the beginning of March 2021.[8]
On 23 February 2021, a spokesperson for Apple Inc. stated that "there is no evidence to suggest the malware they identified has delivered a malicious payload to infected users." Apple also revoked the certificates of the developer accounts used to sign the packages, thereby preventing any additional Macs from becoming infected.[9]
References
1. Benveniste, Alexis (2021-02-21). "Nearly 30,000 Macs reportedly infected with mysterious malware". CNN. Retrieved 2021-02-21.
2. Hollister, Sean (2021-02-21). "Sophisticated hackers snuck sleeper malware into nearly 30,000 Macs". The Verge. Retrieved 2021-02-23.
3. "Silver Sparrow macOS malware with M1 compatibility". Red Canary. 2021-02-18. Archived from the original on 2021-03-25. Retrieved 2021-03-31.
4. "Mysterious malware found on 30,000 Macs". www.consumeraffairs.com. 2021-02-22. Retrieved 2021-02-23.
5. "Thousands infected with 'mystery' virus". NewsComAu. 2021-02-22. Retrieved 2021-02-23.
6. Goodin, Dan (2021-02-20). "New malware found on 30,000 Macs has security pros stumped". Ars Technica. Retrieved 2021-02-23.
7. "Mysterious malware discovered on 30,000 new Macs". The Independent. 2021-02-22. Retrieved 2021-02-23.
8. "macOS Malware Silver Sparrow Affects About 40,000 Macs Running Both Intel and ARM Chips". CPO Magazine. 2021-03-04. Archived from the original on 2021-03-04. Retrieved 2021-03-28.
9. "Apple Takes Action Against Silver Sparrow Malware Discovered on 30K Infected Macs". PCMAG. Retrieved 2021-02-24.