The malware, which the company calls Silver Sparrow, does not “exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems,” Tony Lambert, an intelligence analyst at Red Canary wrote.
It’s not clear what the malware’s goal is. Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said. It’s also unclear what would trigger that function.
“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” researchers wrote.
Silver Sparrow infected Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.