It is not uncommon for news to appear that Macs are infected with malware. However, the new threat, which currently threatens nearly 30,000 Mac devices, has worried security researchers, all because of the sophisticated nature of the malware and the lack of available information.
Researchers at Red Canary have discovered a new type of macOS malware called "Silver Sparrow". Malicious software is unusual in many ways, and the main one is that so far it has been mostly covert. Even though it communicates with control servers once an hour, waiting for potentially malicious binaries to be executed, it has not yet applied malicious codes.
In addition to the Intel k86_64 variant, there is also the Apple M1 version. Both variants also contain "bystander binaries", which print "Hello World!" on the screen of the Intel k86_64 variant and "You did it!" on the Apple M1 model.
Although these messages displayed on the screen are not in themselves a major concern, they indicate a bigger problem when these codes begin to perform the malicious actions they receive from control servers. The researchers point out that the complex infrastructure effectively uses AWS and Akamai CDN, which makes it difficult to monitor and remove malware.
Another worrying fact about Silver Sparrow is that it contains self-destruct mechanisms that remove all traces of malware from infected devices. It is also mysterious that the mechanism was not applied to infected machines by default, which means that it was taken sporadically based on the fulfillment of currently unknown conditions.
Much about Silver Sparrow malware is not yet known, and its sophisticated and covert nature suggests that it is a very advanced threat.
Red Canary has hinted that as of February 17, 2021, 29,139 macOS endpoints have been infected, with users located in 153 countries. The largest number of infected devices is concentrated in the USA, Great Britain, Canada, France, and Germany. Here you can check if the user's Mac device is compromised or not.