silver sparrow

About Silver Sparrow

Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems. Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black.

“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” Red Canary’s Tony Lambert wrote in a report published last week.

But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it’s unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters —the classic distribution vector for most Mac malware strains these days.

Furthermore, the purpose of this malware is also unclear, and researchers don’t know what its final goal is. Once Silver Sparrow infects a system, the malware just waits for new commands from its operators — commands that never arrived during the time researchers analyzed it, hoping to learn more of its inner workings prior to releasing their report. But this shouldn’t be interpreted as a failed malware strain, Red Canary warns. It may be possible that the malware is capable of detecting researchers analyzing its behavior and is simply avoiding delivering its second-stage payloads to these systems.

The large number of infected systems clearly suggests this is a very serious threat and not just some threat actor’s one-off tests.

What You Can Do

Avoid downloading software packages or updates from websites you are unfamiliar with.

• Were you prompted by a website to download a software package and/or update?
• Was it something you weren’t intending to download or install until the website suggested you should?
• Was the package file named something simple and dull, like “update.pkg” or “updater.pkg?”

If you said yes to any of these, please contact us and we’ll take a look at it.

Contact Us
314.333.3330
acumen@acumen-corp.com

Google has released version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. This release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.

What You Can Do

Users are advised to use Chrome’s built-in update feature to upgrade their browser to the latest version as soon as possible.

Determine if an update is pending
1. On your computer, open Chrome.
2. At the top right, look at More (3 dots).
3. If an update is pending, the icon will be colored:
Green: An update was released less than 2 days ago.
Orange: An update was released about 4 days ago.
Red: An update was released at least a week ago.

 

Updating Instructions
Some notes before you update:
– All browsers will be closed and you will need to relaunch Chrome from the Windows menu.
– Once you relaunch, your browsers will reopen the apps automatically where
you left off.
– You don’t need to close browsers or even log out of web applications. However, you may need to log back into some applications once you relaunch.

To update Google Chrome:
1. On your computer, open Chrome.
2. At the top right, click More (3 dots).
3. Click Update Google Chrome.
Important: If you can’t find this button, you’re on the latest version.
4. Click Relaunch.

 

Have Questions? Need Assistance?
If you have questions or need assistance, please call the friendly experts at Acumen at 314-333-3330.

 

 

*https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day/

Acumen would like to warn of recent phishing scams, or email attacks, that we have seen in our Security Response Center.  In some cases, these domains are whitelisted as legitimate organizations, have been released by employees from Quarantine, or the Spam filtering systems do not detect these for a few hours until their security teams realize the nature of the threat. These are a more sophisticated variation of Phishing Attacks that convince employees to take an action that activates an attack such as Ransomware. (Ransomware encrypts your files and charges a ransom to decrypt them. In many cases, paying the requested ransom does not decrypt the files.)

You will see below this message samples of phishing scams.  These email attacks convincingly appear to come from major common vendors such as UPS, Intuit Quickbooks, NetSuite accounting, etc.

These emails have an Excel macro document that encourages employees to click a button in the Excel document activating a malicious attack. They will also have invalid web links to malicious web sites that are not owned by the sending organization.

Typically, an employee can detect these attacks by looking carefully at the From address.  However, in these cases, the From address looks legitimate.

This is a new email attack mechanism that has not been commonly seen before now. 

We recommend sending to your staff.  To further help with this matter, Acumen offers brief phishing scam training for your staff.

To set up training for your staff, or with any questions, please call Acumen Consulting at 314-333-3330 or email sales@acumen-corp.com.