Mysterious malware infecting Apple Silicon Macs has no payload – yet. A mysterious piece of malware has been found on nearly 30,000 Macs around the world.
Can Macs be infected with malware?
According to researchers at the security company Red Canary, a mysterious piece of malware has made its way onto about 30,000 Macs.
The purpose of the malware has not yet been determined. In a blog post, the company said that so far it has done no visible harm to infected computers.
The researchers have dubbed the malware Silver Sparrow. It looks different from earlier malware that targeted Apple’s macOS, and, surprisingly, so far it has had no observable effect on the device.
The malware also includes a self-deletion mechanism that the researchers had not seen used by attackers before. Researcher Tony Lambert says it is not yet clear what effect the malware will ultimately have on infected computers.
It is thought the malware may have reached Macs through internet search results that led users to its installer, although the delivery path has not been confirmed. According to the researchers, Silver Sparrow contains a binary compiled natively for Apple’s own M1 chip.
According to the researchers, the malware may have started spreading to Macs late last year, and by February 17 it had infected 29,139 Macs in 153 countries around the world.
Among them, the United States, the United Kingdom, Canada, France, and Germany have the highest infection counts. However, this number is still small compared with the millions of Macs in use worldwide.
Mysterious malware infecting Apple Silicon Macs has no payload
More malware affecting Apple Silicon Macs has been uncovered, but researchers have found that, for the moment, it lacks a malicious payload.
There may be more malware aimed at Apple’s M1-based Macs than previously thought. Following the initial reports of the first M1-native malware found in the wild, further infections have been identified, but of a particularly toothless variety.
The malware cluster, which the researchers named “Silver Sparrow,” includes a binary compiled natively for M1 chips, which means it can run on Apple Silicon Macs without translation, making it malware that potentially targets those machines.
Silver Sparrow – the undetected strain of malware
Further research by Red Canary, together with researchers at VMware Carbon Black and Malwarebytes, determined that Silver Sparrow was likely a “previously undetected strain of malware.” As of February 17, it had been detected on 29,139 macOS endpoints across 153 countries, with the bulk of infections residing in the US, the UK, Canada, France, and Germany.
At the time of publication, the malware had not been used to deliver a malicious payload to victim Macs, though that could change in the future. Because of its compatibility with the M1, its “relatively high infection rate,” and its operational maturity, it was deemed a serious enough threat, one “uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” to warrant public disclosure.
Versions of the Silver Sparrow malware
Two versions of the malware were discovered. The first version’s bundled binary runs on Intel-based Macs only, while the second’s is a universal binary compiled for both the Intel and M1 architectures. The bundled binaries appear to be placeholders: the first opens a window that literally says “Hello, World!” and the second one that says “You did it!”
If the binary were genuinely malicious, a universal build like this would let the same or similar payload code run on both architectures from a single executable, so the attacker would not need to ship separate Intel and Apple Silicon builds.
The way the installer runs its commands is a behavior more often seen in legitimate software than in malware, which usually relies on preinstall or postinstall scripts for command execution.
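The distinction above between an Intel-only binary and a universal (Intel plus M1) binary is visible in the file headers, so a responder triaging a suspicious Mac executable can tell whether it was built to run natively on Apple Silicon. The following parser, an added example and not code from Red Canary or the article, reads the Mach-O “fat” header that wraps a universal binary and lists the architectures it contains. The two sample files are constructed inline (headers only, no executable code) as stand-ins for the two Silver Sparrow variants; they are not the real samples.

```python
import struct
from typing import List

# Constants from Apple's <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC = 0xCAFEBABE      # universal-binary header, always big-endian on disk
MH_MAGIC = 0xFEEDFACE       # 32-bit Mach-O header, native byte order
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O header, native byte order
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_TYPE_NAMES = {0x00000007: "i386", CPU_TYPE_X86_64: "x86_64",
                  0x0000000C: "arm", CPU_TYPE_ARM64: "arm64"}


def _thin_arch(blob: bytes) -> str:
    """Architecture of a single (thin) Mach-O image, trying both byte orders."""
    if len(blob) < 8:
        raise ValueError("too short to be a Mach-O header")
    for order in ("<", ">"):
        magic, cputype = struct.unpack_from(order + "II", blob, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return CPU_TYPE_NAMES.get(cputype, f"cputype_0x{cputype:08x}")
    raise ValueError("not a Mach-O image")


def mach_o_archs(data: bytes) -> List[str]:
    """List the CPU architectures a Mach-O file contains, in header order."""
    if len(data) < 8:
        raise ValueError("file too short")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        return [_thin_arch(data)]          # thin binary: one architecture
    # Java class files also start with 0xCAFEBABE; there the next word is a
    # version number, so an implausibly large arch count is the usual
    # heuristic (assumed threshold) for telling the two apart.
    if count == 0 or count > 30:
        raise ValueError("0xCAFEBABE but not a fat header (Java class file?)")
    archs = []
    for i in range(count):
        # struct fat_arch: cputype, cpusubtype, offset, size, align
        cputype, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, 8 + i * 20)
        if offset + size > len(data):
            raise ValueError(f"fat_arch {i} points outside the file")
        declared = CPU_TYPE_NAMES.get(cputype, f"cputype_0x{cputype:08x}")
        actual = _thin_arch(data[offset:offset + size])
        if declared != actual:               # tampered or corrupt header
            raise ValueError(f"fat_arch {i} declares {declared} but slice is {actual}")
        archs.append(actual)
    return archs


def runs_on_apple_silicon(data: bytes) -> bool:
    """True if the file carries a native arm64 slice (no Rosetta needed)."""
    return "arm64" in mach_o_archs(data)


# --- constructed sample inputs (headers only; not real Silver Sparrow files) ---

def _thin_header(cputype: int) -> bytes:
    # mach_header_64: magic, cputype, cpusubtype, filetype (MH_EXECUTE=2),
    # ncmds, sizeofcmds, flags, reserved; little-endian for x86_64 and arm64
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def _fat(cputypes) -> bytes:
    # Real universal binaries page-align each slice; this toy packs them
    # back to back, which the parser above does not care about.
    slices = [_thin_header(ct) for ct in cputypes]
    offset = 8 + 20 * len(cputypes)
    table, body = b"", b""
    for ct, s in zip(cputypes, slices):
        table += struct.pack(">IIIII", ct, 0, offset, len(s), 0)
        body += s
        offset += len(s)
    return struct.pack(">II", FAT_MAGIC, len(cputypes)) + table + body


INTEL_ONLY_SAMPLE = _thin_header(CPU_TYPE_X86_64)            # like version 1
UNIVERSAL_SAMPLE = _fat([CPU_TYPE_X86_64, CPU_TYPE_ARM64])   # like version 2

if __name__ == "__main__":
    for name, sample in (("v1-style", INTEL_ONLY_SAMPLE), ("v2-style", UNIVERSAL_SAMPLE)):
        print(name, mach_o_archs(sample), "arm64-native:", runs_on_apple_silicon(sample))
```

On a real Mac the same information comes from `lipo -archs <file>` or `file <file>`; the parser is useful when triaging samples on a non-Apple analysis host where those tools are absent. The cross-check that each fat_arch entry’s declared CPU type matches the slice it points to is worth keeping: a universal binary whose table and slices disagree is either corrupt or deliberately confusing for tools that trust only the table.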
Once installed, the malware periodically checks a specific URL for a downloadable file, which could contain further instructions or a final payload. A week of monitoring produced no visible final payload at that URL, though that could still change in the future.
The mystery of the Silver Sparrow Mac malware
The researchers are left with several unanswered questions about Silver Sparrow. These include how the initial PKG installer files were delivered to victims, and the presence of elements in the malware’s code that appear to belong to a wider toolset.
“The ultimate goal of this malware is a mystery,” Red Canary admits. “We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.”
There is also the question of why the “Hello, World!” and “You did it!” executables are included at all, since they do not run automatically: a victim would have to find the bundled application and launch it manually. Their presence suggests either that the malware is still under development, or that an application bundle was needed to make the installer look legitimate to other parties.