



Red Canary researchers discovered that "Silver Sparrow" comes in two variants: one built entirely for Intel-powered Macs, and one compiled to run natively on Apple's new M1 chipset. That makes it the second known piece of malware designed to run on Apple's in-house silicon; the first was found in February by security researcher and Objective-See founder Patrick Wardle.

ITWire reports that Red Canary detection engineers Wes Hurd and Jason Kilam consider "Silver Sparrow" a serious threat because of its forward-looking M1 compatibility, global reach, relatively high infection rate, and operational maturity.

How did the malware infiltrate Macs?

The engineers are not sure of the initial distribution method for the PKG files, but based on network connections seen from victims' browsers they suspect that malicious search engine results directed victims to download them. They caution that they cannot be certain, since they have limited visibility into what caused the download. Hurd and Kilam also said they are unable to identify the file ~/Library/._insu, but suspect it is part of a toolset the adversary wishes to avoid.

The engineers added that they have no way of identifying what payload the malware would deliver: it may already have been delivered and removed, or the adversary may have a future timeline for distribution. They also speculate that removing components after an objective has been met may be part of the malware's life cycle.

"Given all of this, 'Silver Sparrow' is uniquely positioned to deliver a potentially impactful payload at a moment's notice," said the engineers.

Both Red Canary engineers, Hurd and Kilam, stated that they wanted to share the information with the broader infosec industry sooner rather than later.
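The distinction the article draws between an Intel-only build and a build that runs natively on M1 is something a responder can check directly from a sample's bytes. The following is an added example, not code from the article or from Red Canary: it reads the Mach-O header of a file and reports which CPU architectures it contains, so an analyst can tell an x86_64-only image from a universal (fat) image that carries an arm64 slice. The sample headers it parses are constructed inline for illustration and do not come from Silver Sparrow; the Mach-O magic values, cputype constants and fat-header layout are the public Apple definitions.

```python
import struct
import sys

# Public Mach-O constants (mach-o/loader.h, mach-o/fat.h, mach/machine.h).
FAT_MAGIC = 0xCAFEBABE          # universal ("fat") image, header is big-endian
MH_MAGIC = 0xFEEDFACE           # thin 32-bit image, header in target byte order
MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit image
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def macho_architectures(data: bytes) -> list:
    """Return the CPU architectures present in a thin or fat Mach-O image.

    Raises ValueError if the bytes do not look like a Mach-O image.
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O header")
    magic_be, nfat = struct.unpack(">II", data[:8])

    if magic_be == FAT_MAGIC:
        # Java class files share the 0xCAFEBABE magic; their next field is a
        # version number (>= 45), far larger than any real slice count, which
        # is the same heuristic Apple's own tooling uses to tell them apart.
        if nfat == 0 or nfat >= 45:
            raise ValueError("CAFEBABE magic but not a fat Mach-O (Java class file?)")
        archs = []
        for i in range(nfat):
            off = 8 + 20 * i  # each fat_arch entry is five big-endian uint32s
            if off + 20 > len(data):
                raise ValueError("fat header truncated")
            cputype, _subtype, _offset, _size, _align = struct.unpack(">IIIII", data[off:off + 20])
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs

    # Thin image: x86_64 and arm64 are little-endian, so the magic reads
    # correctly with "<I"; fall back to big-endian for completeness.
    for order in ("<", ">"):
        magic, cputype = struct.unpack(order + "II", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O image")


def runs_natively_on_m1(data: bytes) -> bool:
    """True if the image carries an arm64 slice and so needs no Rosetta."""
    return "arm64" in macho_architectures(data)


def build_fat_header(cputypes) -> bytes:
    """Construct a minimal fat header for the given cputypes (test fixture only;
    the slice offsets and sizes are placeholders, not real code)."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, cputype in enumerate(cputypes):
        hdr += struct.pack(">IIIII", cputype, 0, 0x1000 * (i + 1), 0x1000, 12)
    return hdr


# Constructed sample headers, not bytes from any real malware.
SAMPLE_UNIVERSAL = build_fat_header([CPU_TYPE_X86_64, CPU_TYPE_ARM64])
SAMPLE_INTEL_ONLY = struct.pack("<IIIIIIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3, 2, 0, 0, 0, 0)
SAMPLE_JAVA_CLASS = struct.pack(">II", FAT_MAGIC, 0x34)  # class file, major version 52


def describe_file(path: str) -> str:
    """Read a file from disk and summarise its architectures for an analyst."""
    with open(path, "rb") as fh:
        data = fh.read(4096)
    archs = macho_architectures(data)
    native = "native on M1" if "arm64" in archs else "Intel only (needs Rosetta on M1)"
    return "%s: %s (%s)" % (path, ", ".join(archs), native)


if __name__ == "__main__":
    for p in sys.argv[1:]:
        try:
            print(describe_file(p))
        except (OSError, ValueError) as exc:
            print("%s: %s" % (p, exc))
```

Run it as `python3 macho_arch.py /path/to/binary` on a macOS host; the same check can be done with `lipo -archs` or `file`, but parsing the header yourself works on any platform and in a pipeline that has no Apple tools. Only the first page of the file is read, since both the fat header and the thin header live at offset 0.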
