{"id":186160,"date":"2021-02-22T17:29:48","date_gmt":"2021-02-22T14:29:48","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/alarming-macos-malware-found-on-over-30k-machines-including-m1-macs-review-geek\/"},"modified":"2021-02-22T17:29:48","modified_gmt":"2021-02-22T14:29:48","slug":"alarming-macos-malware-found-on-over-30k-machines-including-m1-macs-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/alarming-macos-malware-found-on-over-30k-machines-including-m1-macs-review-geek\/","title":{"rendered":"#Alarming macOS Malware Found on Over 30k Machines (Including M1 Macs) \u2013 Review Geek"},"content":{"rendered":"<p><strong>&#8220;#Alarming macOS Malware Found on Over 30k Machines (Including M1 Macs) \u2013 Review Geek&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 1600px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71747 size-full\" src=\"https:\/\/www.reviewgeek.com\/thumbcache\/0\/0\/7e00b17249aedefd6b1c24de384e3344\/p\/uploads\/2021\/02\/4d77f777.png\" alt=\"A partially-opened MacBook on an ominous black background.\" width=\"1600\" height=\"900\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/toronto-ontario-canada-september-13th-2019-1503222614\" data-credittext=\"canadianphotographer56\/Shutterstock\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/toronto-ontario-canada-september-13th-2019-1503222614\">canadianphotographer56\/Shutterstock<\/a><\/span><\/figcaption><\/figure>\n<p>Security researchers at <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redcanary.com\/blog\/clipping-silver-sparrows-wings\/\">Red Canary<\/a> have 
discovered a mysterious new malware on nearly 30,000 Macs, though the actual number of infected computers is probably much higher. It appears that the malware, nicknamed Silver Sparrow, is waiting for the right moment to deliver a malicious payload to its host devices. It\u2019s one of the first viruses to run natively on both Intel and M1 Macs.<\/p>\n<p>Silver Sparrow hasn\u2019t harmed any computers yet, but it checks a control server for new commands every hour. Without access to this control server, we have no way of knowing the goal behind Silver Sparrow. That said, the fact that someone is waiting to \u201cactivate\u201d the malware is alarming.<\/p>\n<figure style=\"width: 1600px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-71748 size-full\" src=\"https:\/\/www.reviewgeek.com\/thumbcache\/0\/0\/ad221456a0f5b08505f02daecee118f7\/p\/uploads\/2021\/02\/c2b5fbd9.png\" alt=\"A diagram showing each version of the macOS malware and how it works. \" width=\"1600\" height=\"900\" data-crediturl=\"https:\/\/redcanary.com\/blog\/clipping-silver-sparrows-wings\/\" data-credittext=\"Red Canary\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redcanary.com\/blog\/clipping-silver-sparrows-wings\/\">Red Canary<\/a><\/span><\/figcaption><\/figure>\n<p>Another alarming factor is Silver Sparrow\u2019s unique, ingenious design. It\u2019s distributed in two unique packages, titled <code>updater.pkg<\/code> and <code>update.pkg<\/code>. 
While macOS malware usually relies on preinstall or postinstall scripts to execute commands, these packages execute commands through the less-transparent JavaScript API. Of all the malware that Red Canary has encountered, it says that Silver Sparrow is the only one to leverage the JavaScript API.<\/p>\n<p>Upon installation, Silver Sparrow looks up the URL that it was downloaded from, probably to help its designers track which infection methods are the most effective. Interestingly, Silver Sparrow relies on AWS S3 and Akamai CDN cloud services for file distribution, which suggests that its designers are experienced with web servers and cloud computing. Cloud distribution is more resilient than single-server distribution methods, and using popular cloud infrastructure like AWS allows the malware designers to \u201cblend in\u201d with regular web traffic.<\/p>\n<p>Red Canary teamed up with MalwareBytes and found the Silver Sparrow virus on nearly 30,000 computers. Of course, this is just the number of infected computers that MalwareBytes has access to; the actual number of infected computers is probably much higher. 
Scroll to the bottom of Red Canary\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redcanary.com\/blog\/clipping-silver-sparrows-wings\/\">report<\/a> if you want to hunt for Silver Sparrow on your Mac, or use the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.malwarebytes.com\/\">MalwareBytes antivirus software<\/a> to scan your computer for the virus.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/redcanary.com\/blog\/clipping-silver-sparrows-wings\/\">Red Canary<\/a> via <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2021\/02\/new-malware-found-on-30000-macs-has-security-pros-stumped\/\">Ars Technica<\/a><\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/71741\/alarming-macos-malware-found-on-over-30k-machines-including-m1-macs\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Alarming macOS Malware Found on Over 30k Machines (Including M1 Macs) \u2013 Review Geek&#8221; canadianphotographer56\/Shutterstock Security researchers at Red Canary have discovered a mysterious new malware on nearly 30,000 Macs, though the actual number of infected computers is probably much higher. 
It appears that the malware, nicknamed Silver Sparrow, is waiting for the right moment&#8230;<\/p>\n","protected":false},"author":1,"featured_media":186161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/thumbcache\/0\/0\/7e00b17249aedefd6b1c24de384e3344\/p\/uploads\/2021\/02\/4d77f777.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-186160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/186160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=186160"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/186160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/186161"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=186160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=186160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=186160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}