Nearly 40,000 Macs infected by mysterious malware, researchers say

The malware, dubbed Silver Sparrow, has not yet engaged in malicious activity.

Mysterious malware — that has not yet engaged in malicious activity — has infected nearly 40,000 Mac devices, according to the cybersecurity firm Red Canary, which first detected the threat.

The malware, dubbed by Red Canary as “Silver Sparrow,” is baffling researchers because of its elusive motives.

“Most malware has an ultimate goal,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News via email. “It might be to steal sensitive information, cause damage to devices or servers, or block access to data. In this case, we don’t actually know what that ultimate goal is, because we haven’t observed Silver Sparrow engaging in malicious activity.”

Donohue noted, however, that most malware operations consist of multiple supporting functions that occur prior to the execution of malicious activity, such as gaining initial access or moving between devices on a network.

“In the case of Silver Sparrow, while we haven’t observed the final payload, we have seen other parts of the malware operation,” he added. “For example, we’ve observed it using built-in functions of macOS to install itself on victim machines and to maintain persistence across reboots.”

Donohue said a member of Red Canary’s cyber incident response team first detected the malware — which includes code that runs on Apple’s new M1 chip — based on suspicious behavior from a customer’s device. The firm has not identified its origins.

“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing published data from antivirus firm Malwarebytes, though he said this is likely an “underestimation of the total scope of the threat.”

He added that the malware has been dubbed mysterious for two reasons, the first being that it lacks an ultimate payload and researchers cannot determine the purpose of the threat.

“The second relates to a file that, if present on an infected machine, causes Silver Sparrow to uninstall itself,” Donohue said. “We do not know why this file is present on certain systems or why its…