Silver Sparrow (malware)

Silver Sparrow
Common name: Silver Sparrow
Technical name: Version 1: updater.pkg; Version 2: update.pkg
Type: computer virus
Operating system(s) affected: macOS
Filesize: Version 1: 53.13 KB; Version 2: 72.08 KB

The Silver Sparrow computer virus is malware that runs on x86- and Apple M1-based Macintosh computers. [1] [2] Engineers at the cyber security firm Red Canary detected two versions of the malware in January and February 2021. [3]


Description

Two versions of the malware were reported. The first version (described as the "non-M1" version) is compiled for Intel x86-64. It was first detected in January 2021. [3] The second version contains code that runs natively on Apple's proprietary M1 processor, and was probably released in December 2020 and discovered in February 2021. [4] [3] The virus connects to a server hosted on Amazon Web Services. [5] The software includes a self-destruct mechanism. [1]
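The distinction the paragraph draws between an x86-64 build and a version that runs natively on the M1 comes down to which CPU slices a Mach-O executable carries. The following Python is an example added here by the editor, not code from the article or from Red Canary, and it does not describe Silver Sparrow's actual binary layout: it parses the fat (universal) and thin Mach-O headers, reports the architectures present, and rejects a Java class file, which shares the 0xCAFEBABE magic. The sample headers are constructed inline, and the `MAX_FAT_ARCHES` cutoff is the editor's own heuristic.

```python
import struct

# Mach-O magic numbers, as they read from the first four bytes of a file.
FAT_MAGIC = 0xCAFEBABE      # universal ("fat") binary, big-endian header, 20-byte entries
FAT_MAGIC_64 = 0xCAFEBABF   # 64-bit fat header variant, 32-byte entries
MH_MAGIC = 0xFEEDFACE       # thin 32-bit Mach-O
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O

# cputype values from <mach/machine.h>; 0x01000000 is the CPU_ARCH_ABI64 flag.
CPU_TYPES = {
    0x00000007: "i386",
    0x01000007: "x86_64",
    0x0000000C: "arm",
    0x0100000C: "arm64",
}

# Editor's heuristic: Java class files also start with 0xCAFEBABE but carry a
# class-format version (45 or higher) where a fat header stores nfat_arch.
MAX_FAT_ARCHES = 30


def _name(cputype: int) -> str:
    return CPU_TYPES.get(cputype, f"unknown(0x{cputype:08x})")


def mach_o_architectures(data: bytes) -> list:
    """Return the CPU architectures contained in a Mach-O file image."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat == 0 or nfat > MAX_FAT_ARCHES:
            raise ValueError("0xCAFEBABE magic but implausible nfat_arch (Java class file?)")
        # fat_arch:    cputype, cpusubtype, offset, size, align            (all uint32)
        # fat_arch_64: cputype, cpusubtype, offset(u64), size(u64), align, reserved
        fmt = ">5I" if magic_be == FAT_MAGIC else ">IIQQII"
        entry = struct.calcsize(fmt)
        if len(data) < 8 + nfat * entry:
            raise ValueError("truncated fat header")
        return [_name(struct.unpack_from(fmt, data, 8 + i * entry)[0]) for i in range(nfat)]
    # Thin Mach-O: the header is in the target CPU's byte order, so try both.
    for fmt in ("<I", ">I"):
        if struct.unpack(fmt, data[:4])[0] in (MH_MAGIC, MH_MAGIC_64):
            return [_name(struct.unpack(fmt, data[4:8])[0])]
    raise ValueError("not a Mach-O file")


def apple_silicon_status(data: bytes) -> str:
    """Summarise how the binary would execute on an M1-based Mac."""
    archs = mach_o_architectures(data)
    has_x86, has_arm = "x86_64" in archs, "arm64" in archs
    if has_x86 and has_arm:
        return "universal: x86_64 and arm64 slices"
    if has_arm:
        return "arm64 only: native on Apple silicon"
    if has_x86:
        return "x86_64 only: runs on Apple silicon via Rosetta 2"
    return "other: " + ", ".join(archs)


def is_mach_o(data: bytes) -> bool:
    try:
        mach_o_architectures(data)
        return True
    except ValueError:
        return False


# Constructed sample headers (not real Silver Sparrow bytes). Offsets, sizes and
# alignments in the fat entries are arbitrary; only the cputype field is read.
SAMPLE_UNIVERSAL = (
    struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">5I", 0x01000007, 0x00000003, 0x4000, 0x1000, 14)
    + struct.pack(">5I", 0x0100000C, 0x00000000, 0x8000, 0x1000, 14)
)
SAMPLE_THIN_X86_64 = struct.pack("<II", MH_MAGIC_64, 0x01000007) + bytes(24)
SAMPLE_THIN_ARM64 = struct.pack("<II", MH_MAGIC_64, 0x0100000C) + bytes(24)
# Java class header: magic, minor_version 0, major_version 52. Must be rejected.
SAMPLE_JAVA_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 52)

if __name__ == "__main__":
    for label, sample in (("universal", SAMPLE_UNIVERSAL),
                          ("thin x86_64", SAMPLE_THIN_X86_64),
                          ("thin arm64", SAMPLE_THIN_ARM64)):
        print(f"{label:12s} {mach_o_architectures(sample)} -> {apple_silicon_status(sample)}")
    print(f"{'java class':12s} is Mach-O: {is_mach_o(SAMPLE_JAVA_CLASS)}")
```

On a real system the functions take the first few hundred bytes of a file (`open(path, "rb").read(4096)`); a triage script can run them over every executable in a package payload to flag which slices were shipped, which is exactly the x86-64 versus M1-native question raised above.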

As of 23 February 2021, information about how the malware spreads and which systems may be compromised is sparse. It is uncertain whether Silver Sparrow is embedded in malicious advertisements, pirated software, or bogus Adobe Flash Player updaters. Red Canary has theorized that systems could have been infected through malicious search engine results that might have directed users to download the code. [3] The ultimate objective of the malware's release is also still unknown. [3]

Silver Sparrow is the second piece of malware observed to include M1-native code. [6]

Impact

As of 23 February 2021, Internet security company Malwarebytes had found over 29,000 Macs worldwide running its anti-malware software to be infected with Silver Sparrow. [7] Silver Sparrow-infected Macs had been found in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France, and Germany, according to data from Malwarebytes. [1] Over 39,000 Macs were affected at the beginning of March 2021. [8]

On 23 February 2021, a spokesperson for Apple Inc. stated that "there is no evidence to suggest the malware they identified has delivered a malicious payload to infected users." Apple also revoked the certificates of the developer accounts used to sign the packages, thereby preventing any additional Macs from becoming infected. [9]

References

  1. Benveniste, Alexis (2021-02-21). "Nearly 30,000 Macs reportedly infected with mysterious malware". CNN. Retrieved 2021-02-21.
  2. Hollister, Sean (2021-02-21). "Sophisticated hackers snuck sleeper malware into nearly 30,000 Macs". The Verge. Retrieved 2021-02-23.
  3. "Silver Sparrow macOS malware with M1 compatibility". Red Canary. 2021-02-18. Archived from the original on 2021-03-25. Retrieved 2021-03-31.
  4. "Mysterious malware found on 30,000 Macs". www.consumeraffairs.com. 2021-02-22. Retrieved 2021-02-23.
  5. "Thousands infected with 'mystery' virus". NewsComAu. 2021-02-22. Retrieved 2021-02-23.
  6. Goodin, Dan (2021-02-20). "New malware found on 30,000 Macs has security pros stumped". Ars Technica. Retrieved 2021-02-23.
  7. "Mysterious malware discovered on 30,000 new Macs". The Independent. 2021-02-22. Retrieved 2021-02-23.
  8. "macOS Malware Silver Sparrow Affects About 40,000 Macs Running Both Intel and ARM Chips". CPO Magazine. 2021-03-04. Archived from the original on 2021-03-04. Retrieved 2021-03-28.
  9. "Apple Takes Action Against Silver Sparrow Malware Discovered on 30K Infected Macs". PCMAG. Retrieved 2021-02-24.