It used to be commonly accepted that Apple computers are less susceptible to malware. Unfortunately, this is no longer the case, as the realm of cybercrime continues to grow. As more Macs are in use, more and more hackers are focused on creating malware to manipulate macOS, making the operating system much less of the untouchable fortress that it used to be.
A new strain of macOS malware, nicknamed Silver Sparrow, has been spotted skulking around cyberspace. Security experts across the web have warned us about this new form of malware due to the unique techniques it employs. It has been prepared to be compatible with Apple’s new M1 ARM64 architecture that was first implemented with the latest line of MacBooks. That means that hackers intend on this malware sticking around for a while.
Silver Sparrow works by creating launch agents. The launch agents are a feature of macOS that allow a user to write code that can be automatically and persistently executed upon launching the operating system. This process in itself is harmless and an intended feature of the operating system. However, Silver Sparrow can create launch agents that execute a malicious payload, injecting a virus, adware, keylogger, or other dangerous malware. Depending on the kind of malware, the payload could damage your computer system, erase data from it, or worst of all, collect data and send it to the hacker to use or sell. Silver Sparrow opens the door for all kinds of malware to access systems running on a traditional Intel chip as well as those running on Apple’s new M1 chip.
“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany,” stated in Red Canary’s report. An in-depth analysis by experts from Red Canary, Malwarebytes, and VMWare Carbon Black, has not yet determined the end-goal of the Silver Sparrow anomaly.
Considering Silver Sparrow is compatible with Apple’s M1 chip, globally present, and relatively infectious, it is apparent that it will be used to facilitate infection of Mac computers, and all Mac users should exhibit caution. Do not download any applications from mysterious or suspicious looking websites. Always make sure to download software directly from the original manufacturer’s website when possible, or from trusted software distribution platforms such as Apple’s App Store.
As previously stated, the malware has already infected thousands of machines, so if you believe you may be affected by said malware, see the following article:
https://lifehacker.com/find-and-remove-the-new-silver-sparrow-macos-malware-1846324908
Interested in reading more about Silver Sparrow? See the following articles:
https://redcanary.com/blog/clipping-silver-sparrows-wings/
https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/
https://www.pcmag.com/news/silver-sparrow-malware-discovered-on-30k-infected-macs
