Area 1 Security’s Response to Silver Sparrow

Security Bulletin: Silver Sparrow Malware Affecting Apple Mac Products

Overview

Area 1 Security is aware of the Silver Sparrow malware that is currently affecting Apple Mac products built on both the Intel x86_64 architecture and the new M1 ARM64 chipset.

Researchers at Red Canary and Malwarebytes have stated that Silver Sparrow utilizes malicious JavaScript to initiate a persistent command and control connection and take over the affected machines. The malware is installed on machines via a .pkg file named “updater [dot] pkg”.

Area 1 Security Response

  • Area 1 does not allow .pkg or other executable files to be delivered via email. This prevents our customers from installing the malicious files on their machines via email.
  • Area 1 has also added the known command and control URLs to our global protection for all of our customers.
  • Area 1 will continue to monitor any new information that becomes available and update our protections accordingly.

Area 1 Security Recommendations

Area 1 Security recommends that our customers take full advantage of the information available regarding the Silver Sparrow malware and utilize a strong endpoint protection platform to monitor any Macs in the customer environment.

Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 14 years in cyber security, Kevin has been an Analyst and Engineer in various organizations such as the U.S. Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc as well as a Product Manager for McAfee.

References:

[1] Malwarebytes Labs https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/
[2] Red Canary https://redcanary.com/blog/clipping-silver-sparrows-wings/
