The post 30,000 Macs Affected by “Silver Sparrow” Mystery Malware appeared first on CISO MAG | Cyber Security Magazine.
Red Canary’s blog post offers an in-depth analysis of how the malware was discovered, its targets, its operation, and how it affects Apple’s latest M1 chip. For those who want facts and figures: Silver Sparrow is currently the second known malware targeting the Apple M1 silicon chip. The first was incidentally discovered a week ago by security researcher Patrick Wardle of Objective-See.
As per Red Canary, the Silver Sparrow malware has two versions:
File name: updater.pkg (installer package for v1)
MD5: 30c9bc7d40454e501c358f77449071aa
File name: update.pkg (installer package for v2)
MD5: fdd6fb2b1dfe07b0e57d4cbfef9c8149

As shown in the above image, one version is a binary in Mach-O (mach-object) format compiled for Intel x86_64 processors, and the other is a Mach-O binary for the M1 chip. The researchers believe these are “bystander binaries,” as they only display messages like “Hello World!” and “You did it!” when executed. As a precautionary measure, Apple has revoked the licenses of both binaries, effective immediately.
Silver Sparrow uses Apple’s system.run command for execution and is thus difficult to detect. The researchers found that the malware contacts its command-and-control (C2) server every hour for further instructions; none had been observed at the time of writing, which keeps the malware in stealth mode. Another interesting mechanism is its self-destruct mode: a file check that, when triggered, removes all persistence mechanisms and scripts, leaving behind no trace of the attack vectors. The researchers say that the presence of such a sophisticated mechanism in this malware is itself a “mystery,” because it suggests the attackers were preparing for a stealthy, persistent attack rather than a simple intrude, spread, and exfiltrate operation.
Thankfully, there is still no known indication of any damage caused by this malware, but the fact that Red Canary’s researchers found these strains on Macs in the wild is worrisome. For the complete list of IOCs for the Silver Sparrow malware, see Red Canary’s blog post.