Malwarebytes: 29,000 Macs Have Been Infected With Unknown Malware

More than 29,000 Macs have been infected with a new piece of malware, but exactly how this happened is unknown. The malware also appears to do nothing at all on infected systems, so its actual purpose is unclear.

Anti-malware company Malwarebytes detected a total of 29,139 infected Mac systems in 153 countries. The actual number may be higher, as these are only the infections seen by Malwarebytes. The company saw the most infections in the United States, United Kingdom, Canada, France and Germany. Security company Red Canary analyzed the malware, which it calls Silver Sparrow.

The malware was hidden in two files named updater.pkg and update.pkg. This could indicate that the malware was offered as a rogue update. In the past, a lot of Mac malware was distributed via so-called Adobe Flash Player updates. Whether that was also the infection vector in this case is unknown. Further details about affected users are also missing.

It also appears that the malware does not perform any action on infected systems. Once active, Silver Sparrow waits for instructions from the attackers, but investigators have not observed any such instructions. In addition, the attackers can send a command that causes the malware to remove itself from the system. Silver Sparrow also appears to work on Macs with the new M1 processor. Recently, researcher Patrick Wardle also reported malware that supports the new platform. Apple has now revoked the developer certificates for both Silver Sparrow files.

