Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we here at Neuways bring attention to the latest cybersecurity threats to help you stay safe online.

Here are the most prominent threats which you should be aware of:

A mysterious malware called Silver Sparrow has been found on 30,000 Apple Macs around the world – becoming the second known malware to target Macs with Apple’s M1 chip.

Silver Sparrow has been executing on victims’ machines, but its final payload has yet to be determined, as the malware waits for further instructions from its authors. macOS endpoints across 153 countries, primarily in Canada, France, Germany, the United Kingdom and the United States, are known to have been infected.

The M1 system-on-a-chip (SoC) was released by Apple in autumn 2020, marking the first time that the tech giant created its own internal chip. It brings benefits such as faster performance for native applications and extended battery life, among other features.

Silver Sparrow has two versions: one that targets Intel-based Macs, and one that is built to infect both the older and M1-based devices. Most notably, it uses JavaScript for execution, which is rare in the macOS malware world. It is as yet unclear how the malware is spreading, although it is thought to have been distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as updates for a legitimate application such as Adobe Flash Player.

Using malicious JavaScript commands together with the legitimate macOS Installer process gives the malware the benefit of limiting visibility into the contents of the installation. Once installed, Silver Sparrow uses Apple’s system.run command for execution, allowing the malware to install and cause havoc, or at least that’s what you’d think.

At the time of writing, researchers found that none of the nearly 30,000 affected hosts had downloaded what would be the next or final payload. This would presumably be a component that would carry out malicious actions like data exfiltration, cryptomining, ransomware, adware or DDoS bot enslavement, to name a few possibilities. While the goal of the malware is still a mystery, there’s no doubt it is a huge danger to Apple users.

We advise Apple users to watch for any patches or updates that are made available to eradicate Silver Sparrow infections and reduce the risk of further infection. Ensure automatic updates are enabled on your devices so that updates are applied as soon as they are available.

A cyber criminal gang known as ScamClub has been taking advantage of a flaw in Apple’s Safari browser to reach over 50 million users with a three-month malicious ad campaign.

The Safari bug, which was patched on 2 December 2020, resulted in malware being pushed to mobile iOS Chrome and macOS desktop browsers. The campaign redirected traffic to scam sites that flogged gift cards, prizes and malware to victims. Versions of Apple’s Safari browser running on macOS Big Sur 11.0.1 and Google’s iOS-based Chrome browser were affected.

The malicious campaign exploited a privilege-escalation vulnerability in the open-source WebKit engine, tracked as CVE-2021-1801. It’s not known how many victims the campaign claimed or what type of malicious activity the threat actors may have engaged in after the flaw was exploited.

The cyber crime gang ScamClub is well known, and over the last three years it has hijacked hundreds of millions of browser sessions with malvertising campaigns that redirect users to adult and gift card scams. The gang typically floods ad-delivery systems to bombard users, rather than tailoring attacks to a smaller number of recipients.

Over the last 3 months, ScamClub has delivered over 50 million malicious impressions, with as many as 16 million a day – showing the sheer number of potential victims their scams can claim. This type of attack can be difficult for businesses to handle, given the potential number of malicious ads being distributed.

Thankfully, as the flaw behind this most recent exploit has been patched, Apple users need only ensure that they have updated their Safari browser to avoid the latest ScamClub campaign.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.