Security researchers have discovered new malware that has already made its home on Macs. So far, however, it has not done anything except wait for further orders. The malware, called Silver Sparrow, arrives on Macs as an installation package and evidently has to be installed by the user first.
There is both an "updater.pkg", which is designed for Intel Macs, and an "update.pkg", which supplies a program adapted for Intel and ARM Macs in the standard Mach-O binary format, as the security company Red Canary explained.
Malware has not yet received any new commands
The tool was observed for over a week, but no payload was downloaded, which is why the goal of the malware remains a mystery, according to the security researchers.
The AV tool Malwarebytes was able to detect an infection with Silver Sparrow on more than 29,000 Macs by mid-February; the malware was installed particularly often on Macs in the USA, Great Britain, Canada, France and Germany.
Certificate withdrawn by Apple
The security researchers suspect that it is sold through various channels and disguised as legitimate Mac software that is offered for download on Macs via manipulated advertising banners or search results. Apple has apparently withdrawn the developer certificates used by the installation packages for signing.
What is unusual for malware that is so common in the wild is that it has a self-destruct routine with which it is supposed to disappear from an infected Mac without a trace. This too has apparently not been triggered so far, according to the security researchers. Such techniques are otherwise more likely to be used by malware that is targeted against individuals.