Mac Users Beware! Silver Sparrow Has Arrived…

by Carl Keyser

February 23, 2021

There’s a new malware threat specifically targeting Macs. It’s called Silver Sparrow. Details are still relatively scarce, but here’s what we know currently:

  • It was discovered by Red Canary (a cybersecurity provider based out of Denver, CO) and analyzed by them, Malwarebytes and VMware Carbon Black.
  • It had infected about 30,000 Macs across 153 countries as of last week, most of them in the US, UK, Canada, France and Germany.
  • Researchers don’t know how the malware is circulating yet. It could be through malicious ads. It might be through phony Flash updates.
  • Once installed, the malware…sits around and waits for a command from its operator. As of yet, it hasn’t been activated, so researchers are at a loss regarding what it actually does. It received ZERO commands while it was being observed.
  • Just because it didn’t do anything while it was being examined doesn’t mean this is a failed malware strain. It could be that whoever released it into the wild is just waiting for the moment to strike.
  • The malware is coded with M1 (Apple’s new in-house chipset) support.

How do you detect Silver Sparrow?

According to Red Canary, you should:

  • Look for a process that appears to be PlistBuddy executing in conjunction with a command line containing the following: LaunchAgents and RunAtLoad and true. This analytic helps us find multiple macOS malware families establishing LaunchAgent persistence.
  • Look for a process that appears to be sqlite3 executing in conjunction with a command line that contains: LSQuarantine. This analytic helps us find multiple macOS malware families manipulating or searching metadata for downloaded files.
  • Look for a process that appears to be curl executing in conjunction with a command line that contains: s3.amazonaws.com. This analytic helps us find multiple macOS malware families using S3 buckets for distribution.
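To make those three analytics concrete, here is an added example (my own code, not Red Canary’s or anything from the original post) that runs them over constructed process-execution events. The event shape (host, executable path, full command line) is an assumption; real EDR telemetry would need a small adapter to map its fields onto it.

```python
"""
Added example: apply the three Red Canary analytics for Silver Sparrow
(PlistBuddy + LaunchAgents/RunAtLoad/true, sqlite3 + LSQuarantine,
curl + s3.amazonaws.com) to process-start events.

The ProcessEvent shape and the sample events below are constructed for
illustration; they are not real telemetry.
"""
import os
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcessEvent:
    """Minimal process-start record: which host, which binary, what command line."""
    host: str
    image_path: str      # e.g. /usr/libexec/PlistBuddy
    command_line: str    # full argv as one string


# (analytic label, expected process name, substrings that must ALL appear in the command line)
ANALYTICS = [
    ("launchagent_persistence_via_plistbuddy", "plistbuddy",
     ["LaunchAgents", "RunAtLoad", "true"]),
    ("lsquarantine_metadata_tampering_via_sqlite3", "sqlite3",
     ["LSQuarantine"]),
    ("s3_bucket_download_via_curl", "curl",
     ["s3.amazonaws.com"]),
]


def process_name(image_path: str) -> str:
    """Basename of the executable, lower-cased so /usr/libexec/PlistBuddy matches 'plistbuddy'."""
    return os.path.basename(image_path).lower()


def match_analytics(event: ProcessEvent) -> List[str]:
    """Return the labels of every analytic this single event satisfies."""
    name = process_name(event.image_path)
    return [
        label
        for label, proc, terms in ANALYTICS
        if name == proc and all(term in event.command_line for term in terms)
    ]


def scan(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Run all analytics over a batch of events; yield (host, analytic label) pairs for triage."""
    return [(e.host, label) for e in events for label in match_analytics(e)]


# Constructed sample events: three that should fire, three benign look-alikes that should not.
SAMPLE_EVENTS = [
    ProcessEvent("mac-01", "/usr/libexec/PlistBuddy",
                 '-c "Add :Label string com.example.agent" -c "Add :RunAtLoad bool true" '
                 '/Users/alice/Library/LaunchAgents/com.example.agent.plist'),
    ProcessEvent("mac-01", "/usr/bin/sqlite3",
                 "/Users/alice/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 "
                 "'select LSQuarantineDataURLString from LSQuarantineEvent'"),
    ProcessEvent("mac-02", "/usr/bin/curl",
                 "-s https://constructed-bucket.s3.amazonaws.com/update.plist -o /tmp/version.plist"),
    # Benign: curl to a non-S3 host.
    ProcessEvent("mac-02", "/usr/bin/curl", "-s https://api.github.com/repos/example/repo"),
    # Benign: PlistBuddy reading an app bundle version, no LaunchAgents/RunAtLoad.
    ProcessEvent("mac-03", "/usr/libexec/PlistBuddy",
                 '-c "Print :CFBundleVersion" /Applications/Example.app/Contents/Info.plist'),
    # Benign: sqlite3 against an unrelated database.
    ProcessEvent("mac-03", "/usr/bin/sqlite3", '/tmp/app.db "select count(*) from users"'),
]


if __name__ == "__main__":
    for host, label in scan(SAMPLE_EVENTS):
        print(f"{host}: {label}")
```

All three analytics are deliberately broad: PlistBuddy writing a LaunchAgent, sqlite3 touching the quarantine database and curl pulling from S3 all have legitimate admin and developer uses, so treat a hit as a triage lead to pivot from (parent process, signing status of the binary, what the LaunchAgent points at), not as a verdict on its own.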

Has Apple done anything to stop Silver Sparrow infections?

According to AppleInsider.com, yes! Apple is reported to have revoked the certificates used by the malware’s creators to sign the installation packages, basically freezing them in their tracks.

There’s also the possibility of future software updates to alleviate or eliminate any problems that may arise.


Carl Keyser is the Content Manager at Integris.
