30,000 Apple Macs Infected With ‘Silver Sparrow’ Malware

Apple computers are at the centre of a rare malware alert, with nearly 30,000 Macs reportedly infected with a mysterious piece of code.

This is the warning from ‘detection engineers’ Wes Hurd and Jason Killam at Red Canary. Earlier this month they had come across “a strain of macOS malware using a LaunchAgent to establish persistence.”

Malware on Macs is less common than infections of Windows-based PCs, but it does happen. In 2019 for example Trend Micro warned of a malware variant that made use of legitimate share-trading software to invade Mac users’ systems.

Silver Sparrow

Last week security researcher Patrick Wardle warned that malware is now being redesigned in order to target Mac computers running Apple’s M1 processor.

And this seems to be the case, after Red Canary this week called this latest malware discovery on Macs “Silver Sparrow.”

What is puzzling is that the researchers said that it is not what the goal of the Silver Sparrow malware is, as it has not delivered “malicious payloads” — essentially, harmful actions against a device.

“However, our investigation almost immediately revealed that this malware, whatever it was, did not exhibit the behaviours that we’ve come to expect from the usual adware that so often targets macOS systems,” blogged Red Canary.

Yet it is clear Silver Sparrow is malware, as it contains a self-destruct mechanism that appears to have not been used.

It is also not clear at this stage what would trigger that self-destruct function, and it is also unclear how the malware found its way onto the infected Macs, but they speculated it may have been through malicious search results.

The researchers found that Silver Sparrow contains code that runs natively on Apple’s in-house M1 chip that was released in November, making only the second known malware to do so.

“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” wrote Red Canary.

Unknown goal

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” it added.

“Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later,” the firm wrote.

Apple has reportedly revoked the developer certificates used by the malware, in an effort to prevent any future infections.

Revoking the developer certificates also creates barriers for any existing malware infections to be able to take additional actions, it is being reported.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

58 mins ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

2 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

5 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

6 hours ago

Bitcoin Surges To Above $93,000 For First Time

Bitcoin price reaches new record, amid hope that incoming Trump administration will implement crypto-friendly policies

23 hours ago