
Mysterious macOS malware discovered with M1 optimization, threat remains unclear

Security researchers have discovered a previously undetected piece of malware affecting Mac users around the world, including the new M1-powered Macs. Red Canary researchers say that this “Silver Sparrow” malware forces infected Macs to check a control server once per hour, but the actual threat remains a mystery.

As reported by Ars Technica, the researchers have yet to observe an actual “delivery of any payload” on the infected machines. Therefore, the ultimate goal of this malware is unknown. “The lack of a final payload suggests that the malware may spring into action once an unknown condition is met,” the report explains.

The malware also comes with its own “self-destruct” mechanism, but there’s no evidence that it has yet been used. Silver Sparrow has been found on 29,139 macOS endpoints around the world.

The malicious binary is more mysterious still, because it uses the macOS Installer JavaScript API to execute commands. That makes it hard to analyze installation package contents or the way that package uses the JavaScript commands.
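Because the Distribution file inside a .pkg can carry JavaScript that the installer runs, one triage step a defender can take is to pull every script block out of that file and flag calls that execute programs. The following is an added example, not code from 9to5Mac or Red Canary; the Distribution file below is constructed, and the package name in the comment is a placeholder.

```python
"""Triage helper: list Installer JavaScript API calls that execute programs
inside a macOS installer package's Distribution file.

Sample data is constructed for this example; it is not taken from any
real package."""
import xml.etree.ElementTree as ET

# Installer JS API functions that run a program from within the installer UI
# flow (documented in Apple's Distribution XML reference).
PROGRAM_RUNNING_CALLS = ("system.run(", "system.runOnce(")

# Constructed sample. A real Distribution file is obtained with
#   pkgutil --expand Example.pkg expanded/      (Example.pkg is a placeholder)
# and then read from expanded/Distribution.
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="2">
  <title>Example Update</title>
  <options customize="never" require-scripts="false"/>
  <script>
    function installCheck() {
      system.run('/bin/sh', '-c', 'echo placeholder-command');
      return true;
    }
  </script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default" title="Default"><pkg-ref id="com.example.pkg"/></choice>
  <pkg-ref id="com.example.pkg" installKBytes="10">#example.pkg</pkg-ref>
</installer-gui-script>"""


def extract_scripts(distribution_xml: str) -> list[str]:
    """Return the JavaScript text of every <script> block in the file."""
    root = ET.fromstring(distribution_xml)
    return [s.text or "" for s in root.iter("script")]


def find_program_calls(distribution_xml: str) -> list[str]:
    """Return each JavaScript line that invokes system.run or system.runOnce,
    so an analyst can read the command the installer would execute."""
    findings = []
    for script in extract_scripts(distribution_xml):
        for line in script.splitlines():
            stripped = line.strip()
            if any(call in stripped for call in PROGRAM_RUNNING_CALLS):
                findings.append(stripped)
    return findings


if __name__ == "__main__":
    for finding in find_program_calls(SAMPLE_DISTRIBUTION):
        print("installer JS executes a program:", finding)
```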

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder.

The Silver Sparrow malware also runs natively on Apple’s M1 chip. This makes it the second piece of malware discovered that is optimized for Apple Silicon, with the first coming earlier this week. This doesn’t mean that M1 Macs are specifically targeted, but rather that the malware can affect M1 Macs and Intel Macs alike.

Optimization for the M1 chip combined with things like the infection rate and maturity is what worries Red Canary researchers:

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”

Again, so far researchers haven’t yet found that the binary does anything — but it’s a threat that looms. You can read more on the Red Canary blog post right here.



Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
