Quote: A new macOS malware known as Silver Sparrow has silently infected almost 30,000 Mac devices with malware whose purpose is a mystery. .... According to Malwarebytes, this malware has infected 29,139 Mac devices across 153 countries, with high volumes in the United States, the United Kingdom, Canada, France, and Germany.
It's interesting that so many still think MacOS is immune to malware.
It is strange why they still think that, probably Apple's propaganda (marketing) department.
It just makes them more vulnerable to widespread infections like this one, maybe this will wake them up?
Although no doubt Apple will say it's a one-off anomaly.
9 hours ago, Andavari said: It's interesting that so many still think MacOS is immune to malware.
I was clearing viruses off Macs with Virex back in the 90s, when the primary infection vector was shareware floppies. Macs have never had the market share to make them an attractive target for most for-profit malware authors, but since generally speaking Mac owners have more money than PC owners they do present a lucrative niche for phishing, identity theft and keyloggers.
1 hour ago, nukecad said: maybe this will wake them up?
Nothing I have seen in the past 15 years would suggest that it will.
TBH as this virus doesn't seem to do anything (yet) you have to wonder if this was maybe the whole point; to show thousands of Mac users how easily they could get infected?
If thousands of Mac users suddenly go out and buy AVs for their Macs that's a lot of profit for someone (with Apple taking a cut).
- This could have been an attempt to see how vulnerable the MacOS is. It could have been meant to be a backdoor for future infections.
With that article reporting 30K infections I doubt it was merely a "nice tap on the shoulder" just to get some attention without it actually being able to do something.
It's interesting to note that Malwarebytes and Red Canary's investigation has found that in most cases the infection can only be implied by one file that gets left behind after it 'self-destructs'.
Which shows that it did run on those machines and then deleted itself.
Whether it actually did anything when run (gathered data, files, etc.) is unknown because of the way it 'phones home' for a package of instructions on what to do, and so those instructions and what they do are unknown (and being a package, it can be changed to do different things).
https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/
Quote: The paths detected show a rather interesting pattern. The vast majority of “infections” are actually represented by the ._insu file, and machines that have that file present do not have any of the other components (as expected).
PS. As of Tuesday the known infection count had risen to just under 40K.