Mysterious Mac Trojan "Silver Sparrow": not a government Trojan after all
There has been much speculation about malware that recently installed itself on 40,000 Macs, with some even assuming a state Trojan. Now, however, it seems clear that it is simply adware.
The distribution path of the Mac malware called "Silver Sparrow" has not been documented in detail so far. Eset now suspects that the Trojan is simply adware and not, as previously assumed, malware from state organizations. Eset had already detected the Trojan a few times last September and, according to Heise, had observed it in 50 instances. Silver Sparrow apparently contacts a control server after installation, but does not download anything further.
We have received a lot of questions about the Silver Sparrow malware for macOS after a publication by @redcanary. #ESETresearch has investigated and found that, far from speculations about nation-state malware, it is likely related to adware and pay-per-install schemes. 1/10
- ESET Research (@ESETresearch) March 2, 2021
According to Eset's analysis, other adware campaigns have used similar scripts. What is special about Silver Sparrow is that it deletes itself from the system and covers most of its traces. So far, it has been assumed that the malware, like other adware, offers itself for download via manipulated search results. In addition, the malware was signed with an Apple certificate, which Apple has since revoked.
Source: Heise/Eset