Mac Users Beware! Silver Sparrow Has Arrived…

by

February 23, 2021

There’s a new malware threat specifically targeting Macs. It’s called Silver Sparrow . Details are still relatively scarce but here’s what we know currently:

  • It was discovered by Red Canary (a cybersecurity provider based out of Denver, CO) and analyzed by them, Malwarebytes and VMWare Carbon Black.
  • It’s infected about 30,000 Macs across 153 countries as of last week. Most of which are in the US, UK, Canada, France and Germany.
  • Researches don’t know how the malware is circulating yet. Could be through malicious ads. Might be through phony Flash updates.
  • Once installed, the malware…sits around and waits for a command from its operator. As of yet, it hasn’t been activated so researchers are at a loss regarding what it actually does. It received ZERO commands while it was being observed.
  • Just because it didn’t do anything while it was being examined, it doesn’t mean this is a failed malware strain. It could be whoever released it into the wild is just waiting for the moment to strike.
  • The malware is coded with M1 (Apple’s new in house chipset) support.

How do you detect Silver Sparrow?

According to Red Canary you should:

  • Look for a process that appears to be PlistBuddy executing in conjunction with a command line containing the following: LaunchAgents and RunAtLoad and true. This analytic helps us find multiple macOS malware families establishing LaunchAgent persistence.
  • Look for a process that appears to be sqlite3 executing in conjunction with a
    command line that contains: LSQuarantine. This analytic helps us find multiple macOS malware families manipulating or searching metadata for downloaded files.
  • Look for a process that appears to be curl executing in conjunction with a command line that contains: s3.amazonaws.com. This analytic helps us find multiple macOS malware families using S3 buckets for distribution.

Has Apple done anything to stop Silver Sparrow infections?

According to AppleInsider.com, yes! Apple is reported to have revoked the certificates used by the Malware’s creators to sign the installation packages, basically freezing them in their tracks. (READ HERE)

There’s also a possibility of future software updates to alleviate/eliminate any problems that may rise up in the future.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

 

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...