Earlier this month, PC Mag reported that the security team Red Canary had identified a new strain of macOS malware. On investigation, the malware appeared to exhibit behaviors previously unseen in the way it executed. After consulting with the malware detection company Malwarebytes, it was determined that the strain had infected nearly 30,000 macOS endpoints. These infected devices were spread across 153 countries, with the majority of infections occurring in the United States. Red Canary has since named the newly identified malware “Silver Sparrow.”
Further research determined that Silver Sparrow does not appear to have delivered any malicious payload yet. Every Mac infected with Silver Sparrow was found to be checking in with a command-and-control server in case any commands were issued. Researchers believe a command could be issued at any point. The malware was also found to have the capability to remove itself from an infected system on remote instruction.
Apple has stated that it is taking steps to revoke certain certificates, which will prevent new macOS machines from being infected.
In an online Malwarebytes forum, a staff member confirmed that they had been detecting the infection before the news was released.