30,000 Apple Macs Infected With ‘Silver Sparrow’ Malware

Apple computers are at the centre of a rare malware alert, with nearly 30,000 Macs reportedly infected with a mysterious piece of code.

This is the warning from ‘detection engineers’ Wes Hurd and Jason Killam at Red Canary. Earlier this month they had come across “a strain of macOS malware using a LaunchAgent to establish persistence.”

Malware on Macs is less common than infections of Windows-based PCs, but it does happen. In 2019 for example Trend Micro warned of a malware variant that made use of legitimate share-trading software to invade Mac users’ systems.

Silver Sparrow

Last week security researcher Patrick Wardle warned that malware is now being redesigned in order to target Mac computers running Apple’s M1 processor.

And this seems to be the case, after Red Canary this week called this latest malware discovery on Macs “Silver Sparrow.”

What is puzzling is that the researchers said that it is not what the goal of the Silver Sparrow malware is, as it has not delivered “malicious payloads” — essentially, harmful actions against a device.

“However, our investigation almost immediately revealed that this malware, whatever it was, did not exhibit the behaviours that we’ve come to expect from the usual adware that so often targets macOS systems,” blogged Red Canary.

Yet it is clear Silver Sparrow is malware, as it contains a self-destruct mechanism that appears to have not been used.

It is also not clear at this stage what would trigger that self-destruct function, and it is also unclear how the malware found its way onto the infected Macs, but they speculated it may have been through malicious search results.

The researchers found that Silver Sparrow contains code that runs natively on Apple’s in-house M1 chip that was released in November, making only the second known malware to do so.

“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” wrote Red Canary.

Unknown goal

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” it added.

“Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later,” the firm wrote.

Apple has reportedly revoked the developer certificates used by the malware, in an effort to prevent any future infections.

Revoking the developer certificates also creates barriers for any existing malware infections to be able to take additional actions, it is being reported.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

US Regulator Approves SpaceX Falcon 9 Return To Service

US Federal Aviation Administration approves SpaceX's Falcon 9 rockets to return to service following second-stage…

18 hours ago

X Drops Unilever From Advertiser Lawsuit

Social media platform X drops Unilever from lawsuit against advertisers after reaching agreement on 'safety…

19 hours ago

US Lawmakers Seek Answers From Telcos Over China Hack

US Congressional Representatives ask for answers from AT&T, Verizon, Lumen Technologies after wiretap networks reportedly…

19 hours ago

Northvolt In Talks For 200m Euros In Short-Term Funding

Swedish EV battery start-up Northvolt in talks for 200m euros in short-term funding as it…

20 hours ago

US Labour Board Accuses Apple Of Slack Restrictions

US labour officials say Apple illegally restricted employees' right to discuss workplace issues on Slack…

20 hours ago