Silver Sparrow Malware Has Infected 30,000 macOS Devices
Malware that targets Apple’s macOS has been found on 30,000 Mac computers, but it is unclear what the malware, dubbed Silver Sparrow, is supposed to do. Once an hour, the infected machines check a control server for commands, but researchers have not seen evidence of a payload. There are two versions of the malware: one that targets x86-based machines and a second that targets both x86-based and M1-based machines.
While the purpose is not yet known, the malware's support for both x86 and M1 processors, together with its AWS C&C framework, indicates an intent to further increase scale, availability and longevity. Apple has revoked the developer certificates used to sign the malware, so the current packages cannot be installed on additional systems. The Red Canary report (https://redcanary.com/blog/clipping-silver-sparrows-wings/) includes IOCs and behavior details; for example, if the empty file ~/Library/._insu exists, the malware uninstalls itself.
Read more in
Bleeping Computer: New Silver Sparrow malware infects 30,000 Macs for unknown purpose