Meanwhile, researchers from Red Canary also worked with colleagues at Malwarebytes to discover a total number of infected devices: 29,139. This is a significant achievement (if you were to call it that) for the purported attackers, and the widely-circulated nature of the malware makes this a concern of some note. It’s also worth understanding that the actual number of infected devices is probably even higher than the reported figure.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”

How do I know if my Mac has been infected?

Red Canary provides a list of analytics that helped them to discover the Silver Sparrow malware, while the researchers added that these may also be useful for detecting other threats to macOS.

– Look for a process that appears to be PlistBuddy executing in conjunction with a command line containing the following: LaunchAgents and RunAtLoad and true. This analytic helps us find multiple macOS malware families establishing LaunchAgent persistence.
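
The PlistBuddy analytic described above, applied to process-execution events, as an added example that is not code from Red Canary or from this page. The event field names (`pid`, `process_path`, `command_line`) and the sample events are constructed assumptions, and the fallback to `argv[0]` when the image path is missing goes slightly beyond the analytic as worded.

```python
import shlex
from pathlib import PurePosixPath

# Terms the analytic requires in the command line (compared case-insensitively).
REQUIRED_TERMS = ("launchagents", "runatload", "true")

def _basename(path: str) -> str:
    return PurePosixPath(path).name.lower()

def looks_like_plistbuddy(event: dict) -> bool:
    """Check the image path; fall back to argv[0] when telemetry lacks the path."""
    if _basename(event.get("process_path", "")) == "plistbuddy":
        return True
    cmd = event.get("command_line", "")
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes, e.g. a truncated command line
        argv = cmd.split()
    return bool(argv) and _basename(argv[0]) == "plistbuddy"

def matches_analytic(event: dict) -> bool:
    """PlistBuddy process AND all three terms present in the command line."""
    cmd = event.get("command_line", "").lower()
    return looks_like_plistbuddy(event) and all(t in cmd for t in REQUIRED_TERMS)

def hunt(events: list) -> list:
    """Return the pids of events that satisfy the analytic."""
    return [e["pid"] for e in events if matches_analytic(e)]

# Constructed sample events (hypothetical hosts, users and plist names).
SAMPLE_EVENTS = [
    {"pid": 101, "process_path": "/usr/libexec/PlistBuddy", "command_line":
     '/usr/libexec/PlistBuddy -c "Add :RunAtLoad bool true" '
     '/Users/test/Library/LaunchAgents/com.example.agent.plist'},
    {"pid": 102, "process_path": "/usr/libexec/PlistBuddy", "command_line":
     '/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" '
     '/Applications/Example.app/Contents/Info.plist'},
    {"pid": 103, "process_path": "/usr/libexec/PlistBuddy", "command_line":
     'PlistBuddy -c "Set :RunAtLoad false" '
     '/Users/test/Library/LaunchAgents/com.example.agent.plist'},
    {"pid": 104, "process_path": "/usr/bin/defaults", "command_line":
     'defaults write /Users/test/Library/LaunchAgents/com.example.agent '
     'RunAtLoad -bool true'},
    {"pid": 105, "process_path": "", "command_line":
     '/usr/libexec/plistbuddy -c "Add :RunAtLoad bool TRUE" '
     '/Library/LaunchAgents/com.example.updater.plist'},
]

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Legitimate installers also set `RunAtLoad` through PlistBuddy, so a hit is a lead to review the referenced plist and its program arguments rather than a verdict.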