Silver Sparrow Malware Hatched on 30,000 Macs
For the record, Macs are not immune to infections by malicious software. This is proof that “ain’t nobody safe!”
Researchers at Red Canary have discovered that nearly 30,000 Macs in 153 countries have been infected with a new malware strain called Silver Sparrow. Although the delivery of additional payloads has not been observed yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat that is uniquely positioned to deliver a potentially impactful payload at a moment’s notice.
Apple stated that it has a number of measures in place to provide a safe experience for its users, such as the Apple notary service, which detects malware and blocks it so that it cannot run. Notarization was specifically designed to identify and block new malware before it can ever infect Macs, but Apple’s automated notarization process has repeatedly notarized dozens of malware samples that Apple failed to detect as malicious, and has therefore proven itself subpar in the past.
That said, the exact method by which the malware was delivered to the machines is still unknown, but there are many theories, ranging from poisoned Google searches to malicious browser extensions. There are two versions of the malware, which is also known as Slisp. One is compiled for Intel Macs, and the other is a universal binary that runs on both Intel and ARM-based M1 machines. Upon discovery of the malware, Apple revoked the certificates of the developer accounts used to sign the packages, preventing new machines from being infected. Apple also added that there is no evidence to suggest the malware identified has actually delivered a malicious payload. Unfortunately, the true impact of this malware across the entire macOS environment is unknown and may be more widespread than disclosed.
It is no secret that macOS generally protects you from most malware and other threats. However, as added protection, it is a good idea for consumers to run third-party antivirus or antimalware products to supplement the existing antimalware protections maintained by operating system manufacturers.