'Silver Sparrow' Malware infected around 30,000 Apple Macs
By MYBRANDBOOK
Researchers have disclosed a previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. Calling the malware "Silver Sparrow," cybersecurity firm Red Canary said it identified two different versions of the malware - one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 (version 1), and a second variant submitted to the database on January 22 that's compatible with both Intel x86_64 and M1 ARM64 architectures (version 2).
Adding to the mystery, the x86_64 binary, upon execution, simply displays the message "Hello, World!" whereas the M1 binary reads "You did it!," which the researchers suspect is being used as a placeholder.
Red Canary's Tony Lambert said, "The Mach-O compiled binaries don't seem to do all that much and so we've been calling them 'bystander binaries. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution."
The 29,139 macOS endpoints are located across 153 countries as of February 17, including high volumes of detection in the U.S., the U.K., Canada, France, and Germany, according to data from Malwarebytes.
Despite the difference in the targeted macOS platform, the two samples follow the same modus operandi: using the macOS Installer JavaScript API to execute attack commands by dynamically generating two shell scripts that are written to the target's file system. While "agent.sh" executes immediately at the end of the installation to inform an AWS command-and-control (C2) server of a successful installation, "verx.sh" runs once every hour, contacting the C2 server for additional content to download and execute.
Furthermore, the malware comes with capabilities to completely erase its presence from the compromised host, suggesting the actors associated with the campaign may be motivated by stealth techniques.
Silver Sparrow is the second piece of malware to contain code that runs natively on Apple's new M1 chip. A Safari adware extension called GoSearch22 was identified last week to have been ported to run on the latest generation of Macs powered by the new processors.
TAC Security becomes Cyber Security Assessor for the App Defen
The cybersecurity company, TAC Security has been selected as a key Cyber ...
InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce
In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...
Download masked Aadhaar to improve privacy
Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...
Sterlite Technologies' Rs 145 crore claim against BSNL rejecte
An arbitrator has rejected broadband technology company Sterlite Technolog...
NUMERIC INDIA, A Group Brand Legrand
TEJAS NETWORKS INDIA PVT. LTD.
RELIANCE JIO INFOCOMM LTD.
STERLITE TECHNOLOGIES LTD.
Technology Icons Of India 2023: Sachin Bansal
Sachin Bansal’s fintech startup, Navi Technologies, simplifies loan ...
Technology Icons Of India 2023: Nandan Nilekani
Nandan Nilekani is the Co-Founder and Chairman of the Board, Infosys T...
Technology Icons Of India 2023: Sunil Vachani
Sunil Vachani is the founder and chairman of India-listed Dixon Techno...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
Leading company into fertilizers in the country
NFL is a dynamic organization committed to serve the farming community...
HPCL is transforming the energy landscape, across the nation and beyond
HPCL is world-class energy company known for caring and delighting the...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...