Mac owners are lucky. They don’t have to worry about malware as much as PC owners do. A new Mac malware threat named “Silver Sparrow” affects both Intel and Apple Silicon M1 Macs. We’ll talk about the malware, it’s potential, and how to find and remove it.
The true goal of this malware is unknown. Security company Red Canary published a detailed article describing how the malware was first detected. It takes advantage of JavaScript and macOS plists to perform its tasks.
Silver Sparrow’s precursors first appeared on August 18, 2020. The first detection by Red Canary was on January 26, 2021. There are now two varieties of this malware in the wild – one that affects only Intel Macs, and the other that can infect M1 Macs as well.
What could it potentially do? The malware checks a download URL on a regular basis, so it can deliver ransomware or annoying adware if it found a malevolent “payload” at the download site.
Red Canary says that
“According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.”
From the Red Canary article:
Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.
Tony Lambert, Red Canary
Silver Sparrow and similar malware is considered a serious threat, but it’s not expected to spread much further. Apple suspended the developer certificates used to sign the package files that start the infection. If you use the Mac’s default security settings, the malware can’t be installed. That’s a relief!
Any standard virus checker on your Mac — like the free versions of Malwarebytes or ClamXAV — finds and destroys Silver Sparrow during a standard scan. Make sure the definition files for the virus checker are up to date.
A Lifehacker post about Silver Sparrow describes four files whose existence suggests your Mac might be infected with the malware:
A commenter on Ars Technica with the pseudonym “effgee” provided a detailed set of instructions on how to look for these files and clean up an infected Mac. We won’t repeat these here due to their length, but to perform a manual check and cleansing if you’re comfortable with the Terminal app, here’s a link.
To summarize, Silver Sparrow has been grounded by Apple and antivirus app publishers, but it did spread quickly. While the malware didn’t deliver a hazardous payload to any of the infected Macs, it has the potential to do so if not cleaned off of those Macs.
During a call with analysts regarding Apple’s latest finances, Apple Chief Financial Officer Luca Maestri…
Apple CEO Tim Cook and CFO Luca Maestri praise the Vision Pro’s reception in the…
Apple quarterly revenue is down 4% year-over-year, but Services and Mac revenues are up.
Apple continues to look into ways to make the Vision Pro more comfortable.
Apple has filed for another patent that hints at a foldable iPhone (of which I’m…
Apple has been granted a patent (number US 11875021 B2) for an “Underwater User Interface”…