US security consultancy Red Canary says it’s found MacOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.
Red Canary has named the malware “Silver Sparrow” and says it had found its way onto almost 30,000 MacOS devices as of February 17th.
Once the scripts run, a Mac will have two new and nasty files one of which phones home to the malware’s authors to report it was installed.
LibreOffice 7.1 Community released with support for M1 Arm Mac and ‘user interface variants’
The other script is driven by a persistent LaunchAgent that runs it hourly to connect with a server and request more information from whoever controls the malware.
Red Canary says that hourly request “tells
launchd to execute a shell script that downloads a JSON file to disk, converts it into a
plist, and uses its properties to determine further actions.”
The firm’s researchers ran the malware for a week and never saw that request result in a download, leading them to suggest the malware currently lacks a payload.
How the malware is distributed remains a mystery, but Red Canary’s researchers have divined that it uses resources in AWS and Akamai’s content distribution network. The firms suggests Silver Canary’s authors therefore appear to have a decent understanding of how working in a public cloud and CDN makes it harder to defend against malware because organisations often have very good reasons to welcome traffic from large public clouds. ®