New mysterious malware for Mac managed to infect about 30 thousand devices
Researchers at Red Canary have discovered a new malware targeting Apple Mac computers. Dubbed Silver Sparrow, the malware has already infected about 30,000 devices in 153 countries.
Researchers have found two versions of Silver Sparrow: one designed for Mac devices based on Intel processors, and the other for computers based on the new Apple M1 chip.
So far, the malware only infects the Mac without delivering a payload, which is why the specialists could not determine the real purpose of Silver Sparrow. Specifically, the Intel version, upon execution, displays the text "Hello World", and the M1 version displays "You did it!". Neither binary performs any function; they are so-called "bystander binaries". In addition, Silver Sparrow has a self-destruct function, but the circumstances in which it is triggered are also unknown.
According to experts, Apple has already revoked the developer certificate for both files. The malware uses the macOS Installer JavaScript API to execute commands, which complicates the analysis of the contents of installation packages.
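For triage of packages that rely on the Installer JavaScript API, the following added example (not code from Red Canary or from the original article) scans a package's `Distribution` XML for calls that launch programs. It assumes the package has already been unpacked with `pkgutil --expand` and the `Distribution` file read into a string; the sample document and the function name `find_exec_calls` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Installer JS functions that launch a program from a Distribution script.
EXEC_CALL = re.compile(r"\bsystem\s*\.\s*(?:run|runOnce)\s*\(")

# Constructed, benign Distribution file (not taken from Silver Sparrow).
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
    <title>Example Updater</title>
    <installation-check script="installation_check()"/>
    <script><![CDATA[
function installation_check() {
    system.log("starting check");
    system.run("/bin/echo", "constructed-example");
    return true;
}
    ]]></script>
    <choices-outline/>
</installer-gui-script>
"""


def find_exec_calls(distribution_xml):
    """Return (element tag, source line) for each process-launching call."""
    root = ET.fromstring(distribution_xml)
    findings = []
    for elem in root.iter():
        sources = []
        if elem.tag == "script":
            sources.append(elem.text or "")        # inline <script> body
        if "script" in elem.attrib:
            sources.append(elem.attrib["script"])  # e.g. installation-check
        for source in sources:
            for line in source.splitlines():
                if EXEC_CALL.search(line):
                    findings.append((elem.tag, line.strip()))
    return findings


if __name__ == "__main__":
    for tag, line in find_exec_calls(SAMPLE_DISTRIBUTION):
        print(f"<{tag}>: {line}")
```

A match only shows that the installer runs a program from its Distribution script and should be reviewed; it is not proof of malice, and a plain pattern match will miss calls that are built indirectly.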
At this point, it is unclear how and where the malware is distributed or how it is installed.
Source: securitylab.ru
23 February 2021