- A sophisticated piece of malware called Silver Sparrow has already infected 30,000 Macs across the world. Security researchers still aren’t sure what the end-goal of the malware is.
- Silver Sparrow is quite sophisticated and has even infected recently released Macs running Apple’s new M1 processor. The malware also includes self-destruct code designed to conceal its existence.
- Security researchers still aren’t sure how the malware is being distributed.
One of the longstanding benefits of owning a Mac as opposed to a PC is that you’re statistically less likely to encounter malware. While this is partly due to the robust security macOS provides, the Mac platform is inherently safer because the Mac — on account of its small market share — is a less desirable platform for hackers to target. After all, if you’re a malware creator, it only makes sense to target Windows — with its 85% share of the market — than it is to target the Mac.
Still, it’s not as if Macs are impervious to targeted attacks. This past summer, for example, a piece of Mac ransomware masquerading as an app installer for Little Snitch was making the rounds on torrent sites. More recently, security researchers from Malwarebytes and Red Canary unearthed a new piece of malware that may have already infected more than 30,000 machines. The malware is dubbed Silver Sparrow and, speaking to its sophistication, is already targeting machines running Apple’s brand new M1 chip in addition to existing Intel-based machines.
Even more worrisome is that researchers still aren’t exactly sure what the malware is up to because they’ve yet to discover a “final payload.” Further, the malware includes code designed to self-destruct to help cover its tracks. And to top it all off, researchers still haven’t figured out how the malware is being distributed.
Red Canary writes:
Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.
We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.
The first instance of the malware start showing up in August, with an M1 variant showing up a few months later in December. In other words, the developers managed to target M1-based machines just a few weeks after Apple announced it.
To date, the malware has been found in more than 150 countries, with the bulk of infections located in the US, the UK, France, and Germany.
As far as malware is concerned, Silver Sparrow is impressively mysterious and introduces a lot more questions than answers.