See Also - Mysterious Mac Malware Infected at Least 30,000 Devices Worldwide
February 23, 2021 By Thomas Reed
Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple’s new M1 chips, but what is unknown about this malware is actually more interesting than what is known!
Installation
We know that the malware was installed via Apple installer packages (.pkg files) named update.pkg or updater.pkg. However, we do not know how these files were delivered to the user.
These .pkg files included JavaScript code, in such a way that the code would run at the very beginning, before the installation has really started. The user would then be asked if they want to allow a program to run “to determine if the software can be installed.”