Tag Archive for: Macs

Mysterious malware discovered on 30,000 new Macs – and researchers have no idea what it was designed to do

/in


Security researchers have discovered a piece of malware called Silver Sparrow on 30,000 Mac computers, including those with Apple’s latest M1 chips.

Instead, spreading across 153 countries, the malware is designed to deliver a payload that the researchers have yet not discovered.

It also has a system in place to self-destruct – hiding its existence totally.

As Ars Technica reports, infected computers check a server every hour to see if there are any new commands from malicious individuals to execute.

The malware is even stranger due to the fact it uses the macOS Installer JavaScript API to execute commands, which makes it hard to analyse the contents of the package.

When the malware is executed, all that the researchers found were two messages: for computers using Intel chips, the malware displays the words “Hello World!”, while for M1 Macs it says “You did it!”

The researchers hypothesise that these are simply placeholders for a later execution.

“We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates”, the researchers describe.

Apple has already revoked the binaries that could be mean users accidentally install the malware. The malware does not seem to have delivered any malicious payload, and the company emphasises that using its own Mac App Store is the safest place to get software for its computers Mac.

For programs downloaded outside the store Apple does use technical technical mechanisms including as the Apple notary service detect and block malware.

“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints… and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” says Patrick Wardle, a macOS security expert, according to Ars Technica.

“That’s pretty widespread… and yet again shows the macOS malware is becoming ever more pervasive and commonplace,…

Source…

Hackers slip mysterious malware into 30K Apple Macs

/in


Read Article

Security researchers have discovered a mysterious malware on nearly 30,000 Apple Macs and they have no idea what this is for and how is this virus going to infected the devices.

The malware named ‘Silver Sparrow’ comes with a mechanism to self-destruct itself, a capability that’s typically reserved for high-stealth operations.

“So far, though, there are no signs the self-destruct feature has been used, raising the question of why the mechanism exists,” Ars Technica first reported about the presence of malware citing security researchers.

The lack of a final payload suggests that the malware may spring into action anytime.

The malware has been found in 153 countries with heavy detection reported in the US, the UK, Canada, France and Germany.

Silver Sparrow is an activity cluster that includes a binary compiled to run on Apple’s new M1 chips but lacks one very important feature: a payload.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” according to researchers from cyber security firm Red Canary.

The malware is uniquely positioned to deliver a potentially impactful payload at a moment’s notice.

Silver Sparrow comes in two versions — one with a binary in mach-object format compiled for Intel x86_64 processors and the other Mach-O binary for the M1.

Researchers have earlier warned that Apple’s transition from Intel to its own silicon M1 chip may make it easy for hackers to introduce malware.

“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints… and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” said Patrick Wardle, a macOS security expert.

–IANS

If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]

Source…

Nearly 30,000 Macs reportedly infected with mysterious malware

/in


The malware, which the company calls Silver Sparrow, does not “exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems,” Tony Lambert, an intelligence analyst at Red Canary wrote.

It’s not clear what the malware’s goal is. Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said. It’s also unclear what would trigger that function.

Notably, Silver Sparrow contains code that runs natively on Apple’s in-house M1 chip that was released in November, making only the second known malware to do so, according to the news site Ars Technica.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” researchers wrote.

Silver Sparrow infected Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.

Source…

New malware found on 30,000 Macs has security pros stumped

/in


Close-up photograph of Mac keyboard and toolbar.

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.

Besides those questions, the malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so. The malicious binary is more mysterious still, because it uses the macOS Installer JavaScript API to execute commands. That makes it hard to analyze installation package contents or the way that package uses the JavaScript commands.

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder. Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.

Reasonably serious threat

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Red Canary researchers wrote in a blog post…

Source…