Bleeping Computer reports that 29,139 Mac devices across the world, including the U.S., Canada and Germany, have been infected with a new macOS malware known as Silver Sparrow.
According to Red Canary researchers, the new malware has been distributed as files named 'update.pkg' [VirusTotal] or 'updater.pkg' [VirusTotal], with the update.pkg including both an Apple M1 and an Intel x86_64 binary, while the updater.pkg only has the executable Intel file.
They could not find what the real purpose of the malware is and "[we] have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution," the Red Canary report stated.
Malwarebytes' Thomas Reed said they have no idea how Silver Sparrow is installed. "We don’t know how users would have initially found that installer. In fact, I’m a bit skeptical that it may even still be in distribution, in this form, at least," he added.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.
Intrusions hijacking the eScan antivirus software's updating mechanism have been conducted by threat actors suspected to be linked to North Korean advanced persistent threat operation Kimsuky to facilitate the delivery of the sophisticated GuptiMiner malware that would then distribute cryptocurrency mining payloads, according to BleepingComputer.
BleepingComputer reports that U.S., Germany, Japan, and UK systems have been subjected to ongoing attacks by suspected Vietnamese hacking group CoralRaider leveraging a content delivery network cache to facilitate the deployment of information-stealing payloads.