Mysterious malware hits 30,000 Macs

@ 2021/02/23
A piece of malware has been found on almost 30,000 Macs worldwide and apparently it has baffled the Tame Apple Press.

For decades it has insisted that Macs are free from the corruption of malware and yet here was one which appears to have been made specifically for Apple users.

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany.

Red Canary, the security firm that discovered the malware, has named it "Silver Sparrow." It uses the macOS Installer JavaScript API to launch a bash process to gain a foothold in the user's system, a hitherto unobserved method for bypassing malware detection.

This bash shell is then used to invoke macOS's built-in PlistBuddy tool to create a LaunchAgent which executes a bash script every hour. This is the command-and-control process, which downloads a JSON file containing (potentially) new instructions.
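
A defender-side check for the persistence pattern described above, as an added example that is not from the article or from Red Canary: it parses LaunchAgent plists and flags jobs that start a shell and repeat on an hourly `StartInterval`. The sample plist, its label and script path are constructed, and scanning `~/Library/LaunchAgents` is an assumption about where to look.

```python
import plistlib
from pathlib import Path

SHELLS = {"sh", "bash", "zsh"}   # interpreters worth a second look
HOURLY = 3600                    # StartInterval is expressed in seconds

# Constructed sample, not taken from a real infection.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/bash</string><string>-c</string>
    <string>~/Library/example/run.sh</string>
  </array>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

def audit_agent(data: bytes) -> list:
    """Return the reasons a LaunchAgent plist (XML or binary) needs review."""
    try:
        job = plistlib.loads(data)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]
    args = [str(a) for a in job.get("ProgramArguments", [])]
    # launchd executes Program if set, otherwise ProgramArguments[0].
    exe = str(job.get("Program") or (args[0] if args else ""))
    reasons = []
    if Path(exe).name in SHELLS:
        reasons.append("launches a shell interpreter")
        if "-c" in args[1:]:
            reasons.append("inline shell command (-c)")
    if job.get("StartInterval") == HOURLY:
        reasons.append("re-runs every 3600 seconds")
    return reasons

def scan(directory: str) -> dict:
    """Map plist file name -> reasons, for every flagged agent in directory."""
    hits = {}
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        reasons = audit_agent(path.read_bytes())
        if reasons:
            hits[path.name] = reasons
    return hits

if __name__ == "__main__":
    print("sample:", audit_agent(SAMPLE))
    for name, why in scan("~/Library/LaunchAgents").items():
        print(name, "->", "; ".join(why))
```

Legitimate software also installs shell-based and interval-based agents, so a hit is a lead for triage rather than a verdict.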
