Late last week cybersecurity company Red Canary published an article revealing a new strain of macOS malware they discovered. Looking at data provided by Malwarebytes, they determined that this new malware, which they dubbed “Silver Sparrow,” had already infected nearly 30,000 macOS endpoints around the world.

There are a few important and unusual characteristics of this malware to highlight. First, it’s believed to be only the second piece of malware that’s been released into the wild with compatibility for Apple’s new ARM-based M1 chip. This malware is also unique in its use of the macOS Installer JavaScript API to run its commands. It was delivered using normal Apple installer packages (.pkg files). Upon launching the package file, the user is prompted to approve a dialog box stating that the package will run a program to determine software compatibility. This is not unusual, as some software developers use this mechanism to legitimately check for compatibility prior to actual installation of their software. In this case, though, clicking the “Continue” button within that dialog box will execute the JavaScript payload and install the malware onto the host system, regardless of whether the user cancels the installation immediately afterward. The last unusual characteristic of this malware is that its actual malicious payload seems to be missing.
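A defender can triage a .pkg for this behaviour by inspecting the Installer JavaScript in its Distribution file for process-launching calls tied to the compatibility check. The following is an added example, not code from Red Canary or from the original post; it assumes the Distribution file has already been extracted (for example with `pkgutil --expand`), and the sample XML, function name and command in it are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Installer JS calls that start external processes (methods of the `system` object).
EXEC_CALL = re.compile(r"\bsystem\.(run|runOnce)\s*\(")

# Constructed sample Distribution file; title, function name and command are placeholders.
SAMPLE_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="1">
    <title>Example Updater</title>
    <installation-check script="installation_check()"/>
    <script><![CDATA[
function installation_check() {
    system.run("/bin/sh", "-c", "echo placeholder");
    return true;
}
    ]]></script>
</installer-gui-script>
"""

def audit_distribution(xml_text):
    """Flag process-launching Installer JS in a Distribution file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    # <installation-check> names the script run at the "determine if the
    # software can be installed" prompt, before any payload is installed.
    check = root.find("installation-check")
    entry = check.get("script", "") if check is not None else ""
    findings = []
    for script in root.iter("script"):
        for lineno, line in enumerate((script.text or "").splitlines(), 1):
            match = EXEC_CALL.search(line)
            if match:
                findings.append({
                    "call": "system." + match.group(1),
                    "script_line": lineno,
                    "source": line.strip(),
                })
    # Heuristic: a pre-install entry point plus any exec call; the call graph
    # is not traced, so review the flagged lines by hand.
    return {
        "pre_install_entry": entry,
        "runs_before_install": bool(entry) and bool(findings),
        "exec_calls": findings,
    }

if __name__ == "__main__":
    print(audit_distribution(SAMPLE_DISTRIBUTION))
```

A hit is a reason to read the script, not a verdict: legitimate installers also use this mechanism for compatibility checks.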