Mysterious malware discovered on 30,000 new Macs



© Provided by The Independent

Security researchers have discovered a piece of malware called Silver Sparrow on 30,000 Mac computers, including those with Apple’s latest M1 chips.

The malware, discovered and documented by Malwarebytes and Red Canary, “did not exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems.”

Instead, spreading across 153 countries, the malware is designed to deliver a payload that the researchers have not yet discovered.

It also has a system in place to self-destruct – hiding its existence totally.

As Ars Technica reports, infected computers check a server every hour to see if there are any new commands from malicious individuals to execute.

The malware is even stranger due to the fact it uses the macOS Installer JavaScript API to execute commands, which makes it hard to analyse the contents of the package.
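Installer JavaScript lives in a package's Distribution file, an XML document, so a defender triaging a suspicious PKG can check it for scripts that launch processes. The sketch below is an added example, not code from the researchers' reports: it flags `system.run`/`system.runOnce` calls and the `installation-check`/`volume-check` hooks that evaluate scripts, and the sample XML is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Installer JavaScript calls that start a process from a Distribution script.
EXEC_CALLS = re.compile(r"\bsystem\.(run|runOnce)\s*\(")

# Elements whose "script" attribute is evaluated before any payload is installed.
CHECK_HOOKS = ("installation-check", "volume-check")

# Constructed sample Distribution file (not taken from a real package).
SAMPLE_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="1">
  <title>Example Updater</title>
  <installation-check script="check()"/>
  <script><![CDATA[
    function check() {
      // placeholder command, constructed for this example
      system.run("/bin/sh", "-c", "echo placeholder");
      return true;
    }
  ]]></script>
  <choice id="default"/>
</installer-gui-script>
"""

def scan_distribution(distribution_xml):
    """Return the check hooks and process-launching calls found in the XML."""
    root = ET.fromstring(distribution_xml.encode("utf-8"))
    hooks = [(el.tag, el.get("script"))
             for el in root.iter()
             if el.tag in CHECK_HOOKS and el.get("script")]
    calls = []
    for script in root.iter("script"):
        for line in (script.text or "").splitlines():
            match = EXEC_CALLS.search(line)
            if match:
                calls.append(("system." + match.group(1), line.strip()))
    return {"hooks": hooks, "exec_calls": calls}

if __name__ == "__main__":
    report = scan_distribution(SAMPLE_DISTRIBUTION)
    for tag, expr in report["hooks"]:
        print(f"hook: <{tag}> evaluates {expr}")
    for name, line in report["exec_calls"]:
        print(f"exec: {name} -> {line}")
```

A hook combined with an exec call means commands can run as soon as the installer evaluates its checks, which is worth a closer look before anyone opens the package.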

When the malware is executed, all that the researchers found were two messages: for computers using Intel chips, the malware displays the words “Hello World!”, while for M1 Macs it says “You did it!”

The researchers hypothesise that these are simply placeholders for a later execution.


“We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates”, the researchers describe.

Apple has already revoked the binaries that could mean users accidentally install the malware. The malware does not seem to have delivered any malicious payload, and the company emphasises that using its own Mac App Store is the safest place to get software for its Mac computers.

For programs downloaded outside the store, Apple uses technical mechanisms, including the Apple notary service, to detect and block malware.

“To me, the most notable [thing] is that it was found on almost 30K macOS endpoints… and these are only endpoints the MalwareBytes can see, so the number is likely way higher,” says Patrick Wardle, a macOS security…