The malware, dubbed Silver Sparrow, has not engaged in malicious action.
Mysterious malware — that has not yet engaged in malicious activity — has infected almost 40,000 Mac devices, according to the cybersecurity company Red Canary, which first detected the threat.
“Most malware has an ultimate aim,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News by email. “It might be to steal sensitive information, cause damage to apparatus or servers, or block access to info. In this case, we do not actually know what that ultimate goal is, because we haven’t observed Silver Sparrow participating in malicious action.”
Donohue noted, however, that many malware operations consist of multiple supporting stages that occur before any malicious activity is carried out, such as gaining initial access or moving between devices on a network.
“In the event of Silver Sparrow, although we have not observed the last payload, we’ve seen other parts of the malware operation,” he added. “For instance, we have discovered it using built-in functions of macOS to install itself on victim machines to maintain persistence across reboots.”
Donohue said a member of Red Canary’s cyber incident response team detected the malware, which includes code that runs natively on Apple’s new M1 processor, based on suspicious behavior on a customer’s device. They have not identified its origins.
“As of now, we can confirm that the threat has infected almost 40,000 macOS devices,” he told ABC News, citing published data from antivirus firm Malwarebytes, though he said that this is likely an “underestimation of the entire scope of the threat.”
He added that the malware has been called mysterious for two reasons. The first is that it lacks a final payload, so investigators cannot determine the purpose of the threat.
“The second relates to some document that, if present on an infected server, causes Silver Sparrow to uninstall itself,” Donohue said. “We don’t know why this file is present on specific systems or why its presence triggers Silver Sparrow to uninstall itself.”
Although Silver Sparrow does not currently deliver a malicious payload, Donohue said they are “worried that it may be updated to deliver one at a moment’s notice.”
“This is compounded by the fact that it has a presence on almost 40,000 machines and all of the infrastructure necessary to support a more serious threat,” he explained.
Apple told ABC News that, after discovering the malware, it revoked the certificates of the developer accounts used to sign the packages, preventing new machines from becoming infected.
Apple pointed to its security protections and said its App Store is the most secure place to obtain software for Macs. Apple also said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware in software downloaded from outside the Mac App Store.
The company also noted, as the investigators made clear, that there is no evidence to suggest the new malware has delivered a malicious payload.