Silver Sparrow Malware Hatched on 30,000 Macs

Nearly 30,000 Macs in 153 countries have been infected with a new malware strain that security researchers are calling Silver Sparrow. Discovered by researchers at Red Canary, the malware has been sitting on its hosts waiting for a payload that never arrived.

"Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice," Red Canary Intelligence Analyst Tony Lambert wrote in a company blog Thursday.

Although researchers at Malwarebytes have identified 29,139 macOS endpoints infected by Silver Sparrow, many more machines could be hit by the malicious software, maintained Tony Anscombe, chief security evangelist at Eset.

"Based on what was first seen, the malware may be more widespread than is called out in the disclosure," he told TechNewsWorld. "The 30K number comes from a single security vendor as opposed to the entire macOS environment."

However, Malwarebytes Director of Mac and Mobile Thomas Reed maintained the bad app may be coming to light as it's about to go dark.

"This may be an infection that's already run its course," he told TechNewsWorld.

"There's a file that triggers the malware to self-delete," he explained. "That file is making up most of our detections at the moment. The creator seems to be sending the self-destruct command now."

Blocked by Apple

In a statement provided to TechNewsWorld, Apple said that upon discovering the malware, it revoked the certificates of the developer accounts used to sign the packages, preventing new machines from being infected.

Apple also noted that there is no evidence to suggest the malware identified by the researchers has delivered a malicious payload to infected users.

It added that the company has a number of measures in place to provide a safe experience for its users, including technical mechanisms, such as the Apple notary service, to protect users by detecting malware and blocking it so it can't run.

That service, though, has been less than perfect in the past, maintained Joshua A. Long, chief security analyst at Intego, maker of security and privacy software for Macs, in Austin, Texas. "It is more significant that, according to our own research at Intego, this is at least the sixth major time that Apple's notarization process has failed to detect malware families that have either been distributed in the wild or uploaded to VirusTotal," he told TechNewsWorld.

"Notarization is specifically supposed to identify and block new malware before it can ever infect Macs," he continued, "but Apple's automated notarization process has repeatedly notarized dozens of malware samples that Apple has failed to detect as malicious."

Poisoned Searches

How the infected machines came into contact with the malware is a mystery at the moment. "Malware researchers have not yet conclusively identified the exact delivery method," Long said.

"One theory is that end-users may have encountered the malware via poisoned Google search results -- search results leading to legitimate sites that have been compromised by a threat actor or malicious sites that rank highly for particular searches," he added.

Another possibility is malicious browser extensions, Red Canary Director of Intelligence Katie Nickels noted during a live streaming session on Twitter on Monday.

Long added that there are two versions of the malware, also known as Slisp. One is compiled for Intel Macs. The other is a universal binary that runs on both Intel and ARM-based M1 machines.

"It's worth noting, however, that M1 Macs can often run Mac malware compiled only for Intel, due to Apple's Rosetta technology which enables Intel binaries to run on M1 Macs," he added.

"We can expect that virtually all Mac malware from this point forward will be designed to run on both architectures," he predicted.

Malware ARMs Race

Lambert agreed that Apple's M1 architecture will be a future target of bad actors.

"The inclusion of a binary compiled for use on systems running Apple's new M1 ARM processor is important, because it suggests that the developers of Silver Sparrow are thinking ahead rather than simply writing their malware to be compatible with those chipsets that currently have the largest share of the market," he told TechNewsWorld.

Christopher Budd, senior global threat communications manager at Avast, of Prague in the Czech Republic, a maker of security software, including antivirus programs for the Mac, explained that malware authors are essentially business people. They adapt based on market trends.

"Making this malware functional on new M1 systems shows that these authors believe there is or will be enough of a market for that platform to make it worthwhile to devote resources to it," he told TechNewsWorld.

"The fact that macOS malware and adware authors are compiling binaries for M1 was obvious, expected, and does not warrant the recent sensationalism," added Eset Detection Engineer Michal Malik.

Novel Install

Targeting Apple's ARM architecture isn't the only way Silver Sparrow distinguishes itself from most Mac malware found in the wild.

"Most of the malware we observe for macOS systems ultimately delivers adware and related payloads," Lambert explained.

Eset's Anscombe noted that the persistence and unconventional method of installation are notable aspects of Silver Sparrow, but there are more dangerous malware samples already in the wild.

"The danger of this malware depends on the actions of the author to deliver a payload and its intent," he said.

"There is also the risk that another bad actor could try and leverage the mechanism and take control of it," he added.

Myth of the Invincible Mac

What can consumers do to protect themselves from Silver Sparrow? Lambert recommends turning to third-party protection.

"As a general rule, we typically recommend that users run third-party antivirus or antimalware products to supplement the existing antimalware protections maintained by operating system manufacturers," he said.

"While we're talking specifically about macOS in this case," he continued, "this advice is just as applicable to Windows machines."

That advice may be dubious to Mac owners who've been told their machines are immune from infections from malicious software.

"It's not that difficult to infect a Mac," Reed observed. "The only thing that has stood in the way in the past has been market share."

"Why would you want to invest your time in creating malware for a system that has fairly low market share compared to Windows?" he asked. "But as Macs have increased their market share, they've become an increasingly popular target, especially because a lot of the people who have Macs are people who you would want to target, like CEOs and other well-paid professionals."
