Mystery malware found on ten thousands of Macs

Posted on Monday, February 22 2021 @ 9:33 CET by Thomas De Maesschalck
Apple logo
While there isn't a lot of malware for the Mac platform, Apple's macOS is definitely not immune to cyber threats. Security research firm Red Canary has found an intriguing piece of malware that targets the Mac. The firm is calling it "Silver Sparrow" and says they found evidence the piece of malware has infected almost 30,000 Macs in 153 countries.

There are several interesting things to note about Silver Sparrow. First up, this malware runs natively on the new Apple M1 SoC, making it only the second known piece of macOS malware to do so. It comes in two versions; one binary for Intel x86_64 processors and another one for the M1 SoC. Furthermore, what makes Silver Sparrow so mysterious is that it has no payload.

Red Canary researchers report Silver Sparrow checks in once an hour on a control server to see if there are any new commands or binaries to execute. The malware seems to be spreading quite fast and suggests that despite Apple's best efforts, macOS threats are becoming ever more pervasive and commonplace. There is still a lot less malware for the Mac though, so the odds of getting infected are lower than on the Windows platform. The only way to avoid infections is to remain offline, that will block most of it, but do you really want to miss all the good websites like and your favorite news sites?

Researchers speculate Silver Sparrow will get a payload once an unknown condition is met. They also note the malware has a self-destruct mechanism, which could be used to eradicate any signs of infection once the malware's goal has been reached. In the meantime, we're off playing real money online casino and worrying less about the latest threats.
Once installed, Silver Sparrow searches for the URL the installer package was downloaded from, most likely so the malware operators will know which distribution channels are most successful. In that regard, Silver Sparrow resembles previously seen macOS adware. It remains unclear precisely how or where the malware is being distributed or how it gets installed. The URL check, though, suggests that malicious search results may be at least one distribution channel, in which case, the installers would likely pose as legitimate apps.
More details at ARS Technica.