More than 30,000 MacBooks in 153 countries are ‘targeted’ by malware

Shortly after its launch, the MacBook line using Apple’s M1 chip has been attacked by hackers using mysterious malware for which there is not yet a thorough fix.

Silver Sparrow (the name for the new malware) not only attacks MacBooks en masse; it also spreads and hides its actions in ways that have nearly caught cybersecurity experts off guard. Moreover, they have not only been unable to control the spread of Silver Sparrow but still do not know its ultimate purpose.

In other words, it can not only “blow away” data at any time but also delete itself after the “crime”.

A bomb that could “explode” at any time

What is unique about this newly named “Silver Sparrow” malware? First of all, it is malware written in Java, which is very rare for macOS. In addition, it has been updated with a version built exclusively for M1. Of the two current versions of the software, one is for Intel-series Mac devices and the other is for M1-based Mac devices or later.

This software has a high spread rate, wide coverage, strong compatibility with M1 and good performance results. Most importantly, experts have yet to discover how it spreads. They found that Silver Sparrow’s infrastructure is hosted on Amazon Web Services S3, a cloud resource that most companies use.

The frightening thing about Silver Sparrow is that security researchers have discovered that it is still in a quiet phase (its payload has not been discovered yet). Furthermore, “Silver Sparrow” has a “self-destruct” program, which can delete itself after the fact without leaving any trace. This malware only sends one message to the server per hour without any major action, but once the activation conditions are met, it has serious consequences.

How to check a Mac

Researchers still do not know what attack vector Silver Sparrow uses. An attack vector is a path or means through which an attacker can gain access to a networked computer or server to deliver a malicious payload or result.

Hence, it is not clear what Silver Sparrow is targeting; there is only speculation that it could be malicious adware. However, researchers found that Silver Sparrow creates a plist file in the Library/LaunchAgents folder. In other words, as long as you see this file, your computer is infected.
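As an added illustration (not code from the article or from any vendor), this Python script lists the plist files in a LaunchAgents folder and flags entries worth a closer look: a file name taken from a published advisory, an hourly schedule matching the hourly check-in described above, or a shell as the launched program. The article does not name the plist, so the file names, labels and paths in `demo()` are constructed placeholders, not real indicators, and mapping the hourly check-in to a `StartInterval` of 3600 is an assumption.

```python
import plistlib
import sys
import tempfile
from pathlib import Path

HOURLY = 3600  # assumption: the hourly check-in shows up as StartInterval = 3600
SHELLS = ("/bin/sh", "/bin/bash", "/bin/zsh")

def review_agents(directory, advisory_names=()):
    """List every LaunchAgent plist in `directory` with reasons to look closer."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        reasons = []
        try:
            with open(path, "rb") as fh:      # plistlib reads XML and binary plists
                agent = plistlib.load(fh)
        except Exception:                     # truncated or malformed file
            agent, reasons = {}, ["unparseable plist"]
        if not isinstance(agent, dict):
            agent, reasons = {}, ["unexpected plist layout"]
        args = agent.get("ProgramArguments") or [agent.get("Program", "")]
        if path.name in advisory_names:
            reasons.append("file name listed in advisory")
        if agent.get("StartInterval") == HOURLY:
            reasons.append("runs every hour")
        if any(str(a) in SHELLS for a in args):
            reasons.append("launches a shell")
        findings.append({"file": path.name, "label": agent.get("Label"),
                         "command": " ".join(map(str, args)), "reasons": reasons})
    return findings

def demo():
    """Run the review over two constructed plists (placeholders, not real indicators)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
                "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
            "placeholder-agent.plist": {"Label": "placeholder-agent", "StartInterval": 3600,
                "ProgramArguments": ["/bin/sh", "-c", "~/Library/placeholder/run.sh"]},
        }
        for name, body in samples.items():
            with open(Path(tmp, name), "wb") as fh:
                plistlib.dump(body, fh)
        return review_agents(tmp, advisory_names={"placeholder-agent.plist"})

if __name__ == "__main__":
    found = review_agents(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in found:
        print("REVIEW" if f["reasons"] else "ok    ", f["file"], f["command"], f["reasons"])
```

Pass the path of a LaunchAgents folder as the first argument to review a real machine; a flagged entry is a prompt for manual inspection, not proof of infection.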

To guard against this malware for the time being, first update your operating system, browser, and other software. You can also install uBlock Origin, a browser content-filtering extension, and an ad blocker such as AdGuard Home. Second, install a firewall; users online suggest Little Snitch, which monitors applications and blocks or allows their network connections through advanced rules. Finally, don’t install unknown software.

Silver Sparrow is not the first malware to target M1-series Macs. In fact, just a week ago, someone discovered another piece of malware, GoSearch22, that targeted the M1. It is an “upgraded version” of the Pirrit adware, with corresponding modifications for the ARM64 architecture that the M1 uses. GoSearch22 can keep attacking Mac devices, and it is very difficult for regular users to delete.

It disguises itself as a “browser extension” that collects data from Safari, Chrome and other Mac browsers, then forces the display of coupons, ad banners and standalone pop-ups. Researchers speculate that GoSearch22’s purpose is to profit from users’ ads and search results, and more malicious features are likely to be developed in the future.

Currently, Apple has revoked the developer certificate used by the Pirrit developers. But such malware keeps appearing, one piece after another, forcing antivirus engines to upgrade.

Antivirus software needs an urgent upgrade

Just last week, experts used GoSearch22 to test a wide range of anti-virus tools. They found that nearly 15% of anti-virus engines did not detect GoSearch22, even though they could essentially detect an earlier version of Pirrit.

In other words, current antivirus engines are still geared toward protecting the x86_64 platform, because until now no malware had been written for the ARM architecture. This means that virus analysis tools or antivirus engines written for the x86_64 platform may not be able to process ARM64 binaries.
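To make the x86_64 versus ARM64 distinction concrete, here is an added Python example (not taken from the article or from any antivirus product) that reads a Mach-O header and reports which CPU architectures a binary contains, so an analyst can tell whether a sample carries ARM64 code that an x86_64-only tool would skip. It covers thin 64-bit files and the standard universal header; the byte strings at the bottom are constructed headers, not real samples.

```python
import struct

CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit Mach-O; little-endian on Intel and M1 Macs
FAT_MAGIC = 0xCAFEBABE     # universal (multi-architecture) header; always big-endian

def macho_architectures(data):
    """Return the CPU architectures present in a Mach-O or universal binary."""
    if len(data) < 8:
        return []
    if struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64:
        cputype = struct.unpack_from("<I", data, 4)[0]
        return [CPU_NAMES.get(cputype, hex(cputype))]
    magic, count = struct.unpack_from(">II", data, 0)
    # Java class files also start with 0xCAFEBABE; their next word holds the
    # class-file version (major version 45 or higher), so reject large counts.
    if magic != FAT_MAGIC or not 0 < count < 45:
        return []
    archs = []
    for i in range(count):
        entry = 8 + 20 * i     # fat_arch: cputype, cpusubtype, offset, size, align
        if entry + 20 > len(data):
            break              # truncated header: report what was readable
        cputype = struct.unpack_from(">I", data, entry)[0]
        archs.append(CPU_NAMES.get(cputype, hex(cputype)))
    return archs

# Constructed headers (no real sample data): thin arm64, universal, Java class.
THIN_ARM64 = struct.pack("<II", MH_MAGIC_64, 0x0100000C) + bytes(24)
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14)
             + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14))
JAVA_CLASS = struct.pack(">IHH", FAT_MAGIC, 0, 52) + bytes(8)

if __name__ == "__main__":
    for name, blob in [("thin", THIN_ARM64), ("universal", UNIVERSAL),
                       ("java class", JAVA_CLASS)]:
        print(name, macho_architectures(blob))
```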

Therefore, the ability to detect malware written for the ARM architecture (Silver Sparrow, GoSearch22, etc.) has become a new standard for evaluating anti-virus software.

Phong Vu
