Earlier in February, researchers from the security firm Red Canary published information about a new strain of macOS malware. The malware, called Silver Sparrow, includes a binary compiled to run on M1 chips and has infected almost 30,000 Macs in more than 150 countries.
The company has posted a comprehensive report on its blog with the title “Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight.” According to the blog post, this new “activity cluster” affects both Intel and Apple silicon processors, but strangely so far lacks any “malicious payloads”:
“Silver Sparrow is a cluster of activity that includes a binary compiled to run on Apple’s new M1 chips but lacks one very important feature: a malicious payload.”
And although security companies have determined that this is enough to pose a “reasonably serious threat”, the malware so far “did not exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems.”
But this does not mean that it is harmless. Research from cloud workload protection platform (CWPP) VMware Carbon Black and the internet security company Malwarebytes showed that Silver Sparrow is a “previously undetected strain of malware” that was most likely “positioned to deliver a potentially impactful payload at a moment’s notice.” Red Canary also warned users that the virus could prove to be a dark horse due to “chip compatibility, global reach, relatively high infection rate, and operational maturity” and might still pose “a reasonably serious threat.”
“The ultimate goal of this malware is a mystery,” Red Canary admits. “We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.”
So far, two versions of the malware have been discovered. One version affects only Intel-based Macs, while the other is built for both Intel and M1 architectures. Since then, Apple has conducted its own research into the matter, and its findings appear to match those of Red Canary. The company has revoked the developer certificates that allowed the malware to spread and states that no new Macs can be infected with Silver Sparrow.