But the fact is that Silver Sparrow joins a recently detected malware dubbed “GoSearch22” that also targets Apple M1 chips. It is thus possible that we are embarking on a series of macOS and iOS malware.

- A well-prepared adversary – While the M1 chip had already seen Linux ported to it earlier this year, Apple’s chip is brand new, first announced in October 2020, which means that either the adversary had Apple’s M1 hardware and/or OS before it was released to the market, or it took them three months to reverse-engineer the product, adjust a piece of malware or write it from scratch, and deploy it around the globe. Alternatively, the attacker might have leveraged previous knowledge from the M1 Linux port. Those are signs of a potentially powerful adversary, or at least one that is fast to adapt.
- A potential threat to enterprise – At this point, we’re only aware of approximately 30,000 Mac machines being affected by the malware. While this is a limited number of infections, we do not know the goal of this campaign or its target. The growing use of macOS across enterprises, coupled with the decrease in network protection capabilities due to remote work during the pandemic, can make this a threat for companies and should be addressed.

Both variants are delivered via an installation package and execute code in the distribution phase using the macOS Installer JavaScript API.

*Figure: Messages displayed by Silver Sparrow binaries, as found on Red Canary’s blog post.*

After installation, a shell script executes and communicates, once an hour, with a C2 server hosted on an AWS S3 bucket, looking for a further payload to download and execute. Continuing the malware’s novelty, using JavaScript code “is a technique that we hadn’t previously encountered in other macOS malware,” said Red Canary’s researchers.
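The pre-install execution pattern described above leaves a trace in the package itself: the `Distribution` XML (obtained with `pkgutil --expand`) carries the JavaScript, and shell execution goes through the Installer JS API's `system.run` / `system.runOnce`. The following triage helper is an added example, not code from the original post or from Red Canary; the sample `Distribution` file it parses is constructed, and the `SHELL_CALLS` / `PREINSTALL_HOOKS` names are this example's own.

```python
"""Triage helper: flag a macOS installer package whose Distribution XML wires
shell execution (system.run / system.runOnce) into a pre-install hook."""
import re
import xml.etree.ElementTree as ET

# Installer JS API calls that execute an external program during installation.
SHELL_CALLS = ("system.run", "system.runOnce")
# Hooks whose script= attribute runs before any payload is written to disk.
PREINSTALL_HOOKS = ("installation-check", "volume-check")


def analyze_distribution(distribution_xml: str) -> dict:
    """Return the pre-install hooks present, every shell call found in <script>
    bodies, and whether external scripts are allowed."""
    root = ET.fromstring(distribution_xml)
    findings = {"hooks": [], "shell_calls": [], "external_scripts": False}
    opts = root.find("options")
    if opts is not None and opts.get("allow-external-scripts") == "yes":
        findings["external_scripts"] = True
    for hook in PREINSTALL_HOOKS:
        el = root.find(hook)
        if el is not None and el.get("script"):
            findings["hooks"].append(hook)
    for script in root.iter("script"):
        body = script.text or ""  # ElementTree folds CDATA into .text
        for call in SHELL_CALLS:
            # Match e.g. system.run('/bin/sh', ...); "system.run(" does not
            # match "system.runOnce(" because "(" must follow directly.
            hits = re.findall(re.escape(call) + r"\s*\(", body)
            findings["shell_calls"].extend([call] * len(hits))
    return findings


def is_suspicious(findings: dict) -> bool:
    """Shell execution reachable from a pre-install hook is the signal to triage."""
    return bool(findings["shell_calls"]) and bool(findings["hooks"])


# Constructed sample: an installation-check that shells out before installing.
SAMPLE_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="2">
  <title>Constructed Sample Update</title>
  <options customize="never" allow-external-scripts="no"/>
  <installation-check script="pre_check();"/>
  <script><![CDATA[
function pre_check() {
  system.run('/bin/sh', '-c', 'echo constructed-sample');
  return true;
}
]]></script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default" visible="false"/>
</installer-gui-script>"""

if __name__ == "__main__":
    result = analyze_distribution(SAMPLE_DISTRIBUTION)
    print(result, "SUSPICIOUS" if is_suspicious(result) else "clean")
```

Run it against `<expanded-pkg>/Distribution`; a hit means the package executes commands before the user has approved the install, which is worth a closer look regardless of what the payload turns out to be.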