Nearly 30,000 Macs reportedly infected with mysterious malware
By Alexis Benveniste, CNN Business
Updated 12:29 PM ET, Sun February 21, 2021
New York (CNN Business) Nearly 30,000 Macs worldwide have been infected with mysterious malware, according to researchers at security firm Red Canary.
The malware, which the company calls Silver Sparrow, does not "exhibit the behaviors that we've come to expect from the usual adware that so often targets macOS systems," Tony Lambert, an intelligence analyst at Red Canary, wrote.
It's not clear what the malware's goal is. Silver Sparrow includes a self-destruct mechanism that appears not to have been used, researchers said. It's also unclear what would trigger that function.
Notably, Silver Sparrow contains code that runs natively on Apple's in-house M1 chip, released in November, making it only the second known malware to do so, according to the news site Ars Technica.
"Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat," researchers wrote.
Silver Sparrow infected Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.
NO ONE who knows ANYTHING about the Mac ever said "Macs cannot get malware or viruses and you're 100% safe at all times."
What is true: "Macs are targeted 1000s of times LESS with malware, and Macs have some built-in security measures that may help limit the severity of some common malware."
So yes, EVERY TIME a malware targets a Mac someone posts a similar thing: "Mac users are smug, but look, you ain't shit!! Hahaha, you're exactly the same as everyone else - and we suck - so now you suck too - but you suck more because I thought you were smug."
No one says Macs are INVULNERABLE. They just aren't targeted AS MUCH.
Same with the iPhone - we know the Pegasus spyware has been used to target political dissidents and journalists in Saudi Arabia and China - it's just not very common, so it's not really a problem the average user will ever have.
Files present in versions 1 & 2:
~/Library/._insu (empty file used to signal the malware to delete itself)
/tmp/agent.sh (shell script executed for installation callback)
/tmp/version.json (file downloaded from S3 to determine execution flow)
/tmp/version.plist (version.json converted into a property list)

Files in other versions:
~/Library/Application Support/agent_updater/agent.sh (v1 script that executes every hour)
/tmp/agent (file containing final v1 payload, if distributed)
~/Library/Launchagents/agent.plist (v1 persistence mechanism)
~/Library/Launchagents/init_agent.plist (v1 persistence mechanism)
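The file paths above are the kind of indicator a Mac administrator can sweep for directly. The following POSIX sh check is an added example, not code from the article or from Red Canary's report: it tests for every path in the list and reports any that exist. The ROOT and HOME_DIR parameters are my own additions (not part of the published indicators) so the same check can be pointed at a mounted disk image or a test directory instead of the live system; the paths themselves are taken verbatim from the list, with ~ expanded to HOME_DIR.

```shell
#!/bin/sh
# Added example, not code from the article or from Red Canary: a POSIX sh sweep
# for the Silver Sparrow file indicators listed above.
#   ROOT     (hypothetical) prefixes every path, so the check can run against a
#            mounted image or a test tree; empty means the live filesystem.
#   HOME_DIR (hypothetical) stands in for the ~ in the published list.
#
# Usage: check_silver_sparrow [ROOT] [HOME_DIR]
# Prints each indicator found; returns 0 when none are present, 1 otherwise.
check_silver_sparrow() {
    root=${1:-}
    home=${2:-$HOME}
    found=0

    # The indicator paths exactly as listed in the article. "Application Support"
    # contains a space, so each path is kept as a single quoted positional argument.
    set -- \
        "$home/Library/._insu" \
        "/tmp/agent.sh" \
        "/tmp/version.json" \
        "/tmp/version.plist" \
        "$home/Library/Application Support/agent_updater/agent.sh" \
        "/tmp/agent" \
        "$home/Library/Launchagents/agent.plist" \
        "$home/Library/Launchagents/init_agent.plist"

    for p in "$@"; do
        # -e matches any existing entry; ._insu is an empty file, so a size test
        # such as -s would miss the self-destruct signal file.
        if [ -e "$root$p" ]; then
            printf 'FOUND: %s\n' "$root$p"
            found=$((found + 1))
        fi
    done

    [ "$found" -eq 0 ]
}

# When run directly, sweep the live system for the current user.
if check_silver_sparrow "" "$HOME"; then
    echo "No Silver Sparrow file indicators found for $HOME"
fi
```

Run it once per user account on the machine (the ~/Library entries are per-user, the /tmp entries are shared), and treat a hit on either Launchagents plist as a persistence indicator rather than a leftover download. A hit on ~/Library/._insu by itself means something created the self-destruct signal file; check the other paths before concluding the malware already removed itself.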