The malware, dubbed Silver Sparrow, has yet to engage in malicious activity.
A mysterious malware, which has yet to engage in malicious activity, has infected nearly 40,000 Mac devices, according to cybersecurity firm Red Canary, which first spotted the threat.
The malware, dubbed “Silver Sparrow” by Red Canary, baffles researchers due to its elusive motives.
“Most malware has an end goal,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News by email. “It could be stealing confidential information, causing damage to devices or servers, or blocking access to data. In this case, we do not know what the end goal is, because we have not observed Silver Sparrow engaging in malicious activity.”
Donohue noted, however, that most malware operations consist of multiple support functions that occur prior to the execution of the malicious activity, such as gaining initial access or moving between devices on a network.
“In the case of Silver Sparrow, although we have not looked at the final payload, we have seen other parts of the malware operation,” he added. “For example, we have seen it using built-in macOS features to install itself on victim machines and maintain persistence between reboots.”
Donohue said a member of Red Canary’s cyber incident response team first detected the malware, which includes code that runs on Apple’s new M1 chip, based on suspicious behavior on a customer’s device. They have not identified its origins.
“As of today, we can confirm that the threat has infected almost 40,000 macOS devices,” he told ABC News, citing published data from antivirus firm Malwarebytes, although he said it was probably an “understatement of the full scope of the threat.”
He added that the malware has been labeled mysterious for two reasons, the first being that it lacks a final payload, so researchers cannot determine the purpose of the threat.
“The second relates to a file that, if present on an infected machine, causes Silver Sparrow to uninstall,” said Donohue. “We don’t know why this file is present on certain systems or why its presence causes Silver Sparrow to be uninstalled.”
Although Silver Sparrow does not currently deliver a malicious payload, Donohue said they are “concerned that it could be upgraded to deliver one at any time.”
“This is compounded by the fact that it has a presence on almost 40,000 machines and all the infrastructure necessary to withstand a more worrisome threat,” he said.
Apple told ABC News that, after discovering the malware, it revoked the certificates of the developer accounts used to sign the packages, preventing new machines from being infected.
Apple highlighted its security mechanisms and protections and said its App Store provides the safest place to get Mac software. In addition, Apple said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware in Mac software downloaded outside of the Mac App Store.
The company also noted, as the researchers made clear, that there is no evidence to suggest that the new malware delivered a malicious payload.