Nearly 40,000 Macs are infected with mysterious malware, researchers say

The malware, called Silver Sparrow, has not yet dealt with malicious activity.

The mysterious malware – which has not yet dealt with malicious activity – has infected nearly 40,000 Mac devices, according to cybersecurity company Red Canary, which first discovered the threat.

The malware, which Red Canary called the “Silver Sparrow,” confuses researchers because of its elusive motives.

“Most malware has an end goal,” Red Canary intelligence analyst Brian Donahue told ABC News via email. “It could be stealing sensitive data, damaging devices or servers, or blocking access to data. In this case, we don’t really know what the ultimate goal is, because we haven’t noticed that Silver Sparrow is engaging in malicious activity.”

Donahue noted, however, that most malware operations consist of multiple auxiliary functions that occur before performing malicious activities, such as gaining initial access or moving between devices on a network.

“In the case of Silver Sparrow, although we did not observe the final payload, we also saw other pieces of malware,” he added. “For example, we noticed it using built-in macOS features to install on victims’ computers and maintain consistency during restart.”

Donahue said a member of the Red Canarian cyber incident response team was the first to detect malware – which includes code running on Apple’s new M1 chip – based on suspicious behavior from a user’s device. They did not identify its origin.

“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing published data from antivirus company Malwarebytes, although he said it was likely “an underestimation of the overall scope of the threat.”

He added that the malware was called mysterious for two reasons, including the fact that it lacks the ultimate burden, and researchers cannot determine the purpose of the threat.

“The second refers to a file that, if present on an infected computer, causes Silver Sparrow to be uninstalled,” Donahue said. “We don’t know why this file is present on certain systems or why its presence causes Silver Sparrow to be uninstalled.”

Although Silver Sparrow does not currently deliver malicious cargo, Donahue said they are “concerned that it could be updated so it delivers it in an instant”.

“Added to this is the fact that it is present on nearly 40,000 machines and its infrastructure needed to support more worrying threats,” he said.

Apple told ABC News that it had revoked the certificates of the developers’ accounts used to sign the package, preventing the infection of new machines after the malware was detected.

Apple has noted its security protections and mechanisms and said its App Store provides the safest place to purchase software for Macs. In addition, Apple said it uses industry-leading technical mechanisms to protect users by detecting and blocking malware for software downloaded from outside the Mac App Store.

The company also noted, as the researchers made clear, that there was no evidence to suggest that the new malware delivered malicious cargo.