Mac Users Beware! Silver Sparrow Has Arrived…

by

February 23, 2021

There’s a new malware threat specifically targeting Macs. It’s called Silver Sparrow . Details are still relatively scarce but here’s what we know currently:

  • It was discovered by Red Canary (a cybersecurity provider based out of Denver, CO) and analyzed by them, Malwarebytes and VMWare Carbon Black.
  • It’s infected about 30,000 Macs across 153 countries as of last week. Most of which are in the US, UK, Canada, France and Germany.
  • Researches don’t know how the malware is circulating yet. Could be through malicious ads. Might be through phony Flash updates.
  • Once installed, the malware…sits around and waits for a command from its operator. As of yet, it hasn’t been activated so researchers are at a loss regarding what it actually does. It received ZERO commands while it was being observed.
  • Just because it didn’t do anything while it was being examined, it doesn’t mean this is a failed malware strain. It could be whoever released it into the wild is just waiting for the moment to strike.
  • The malware is coded with M1 (Apple’s new in house chipset) support.

How do you detect Silver Sparrow?

According to Red Canary you should:

  • Look for a process that appears to be PlistBuddy executing in conjunction with a command line containing the following: LaunchAgents and RunAtLoad and true. This analytic helps us find multiple macOS malware families establishing LaunchAgent persistence.
  • Look for a process that appears to be sqlite3 executing in conjunction with a
    command line that contains: LSQuarantine. This analytic helps us find multiple macOS malware families manipulating or searching metadata for downloaded files.
  • Look for a process that appears to be curl executing in conjunction with a command line that contains: s3.amazonaws.com. This analytic helps us find multiple macOS malware families using S3 buckets for distribution.

Has Apple done anything to stop Silver Sparrow infections?

According to AppleInsider.com, yes! Apple is reported to have revoked the certificates used by the Malware’s creators to sign the installation packages, basically freezing them in their tracks. (READ HERE)

There’s also a possibility of future software updates to alleviate/eliminate any problems that may rise up in the future.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

 

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...