New macOS malware discovered, but threat remains unknown

Security researchers have discovered a previously undetected piece of malware affecting Mac users around the world, including the new M1-powered Macs. Red Canary researchers say that this “Silver Sparrow” malware forces infected Macs to check a control server once per hour, but the actual threat remains a mystery.

The malware identified by Red Canary researchers has been found in 153 countries, with concentrations in the United States, the United Kingdom, Canada, France, and Germany. According to the researchers, Silver Sparrow, as they’re calling this security threat, is mysterious: so far, it simply forces affected computers to check a server once an hour, but that doesn’t mean there’s no potential risk.

Red Canary explains, “though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest it’s a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.”

For that reason, the researchers are sharing everything they know about Silver Sparrow before things get dangerous. Other than its oddly dormant state, the malware is also novel in its use of the macOS Installer JavaScript API to execute commands.

When installed on an Intel-based Mac, users will see a blank window displaying a “Hello, World!” message. On M1-powered Macs, you’ll instead see a red window reading, “You did it!”

Again, researchers have not yet found that the binary does anything.
