‘Silver Sparrow’ malware infects M1 Macs, baffles experts

Researchers discovered a new type of malware called Silver Sparrow that targets Macs with Apple's M1 chip.

It’s been a little over three months since Apple introduced its in-house M1 chip. The silicon has largely been met with positive reviews from consumers and has performed well in benchmark tests. However, researchers from security firm Red Canary have discovered malware that specifically targets Apple’s new chip, Ars Technica reports.

Dubbed “Silver Sparrow,” the malware was discovered on nearly 30,000 Macs. The infected machines are reportedly located in 153 countries. At this time, it’s unclear what the malware’s payload is. Stranger still is the built-in self-destruct mechanism, which could reportedly wipe all traces of the malware.

That being said, the Red Canary researchers found the malware before it was able to self-destruct. This allowed Apple to take action against Silver Sparrow and (hopefully) prevent other Mac users from downloading it. Even so, the security firm calls the newly discovered malware “a reasonably serious threat.”

Glass Castle

Many people still hold the false belief that Apple’s Mac computers are invulnerable to malware. While that seemed to be true for many years, it has since been proven time and time again that Macs can be infected.

The new Silver Sparrow malware serves as the latest example. It’s also the second known case of malware infecting Apple’s new M1 chip. Of course, the M1 wasn’t Silver Sparrow’s only target. Red Canary researchers also found versions designed to attack Intel’s silicon.

As noted, Apple has already taken action against the malware. It reportedly revoked the binaries for the code, meaning that users shouldn’t be able to accidentally download it.

That being said, Silver Sparrow is already in the wild and on the hardware of consumers. In a tweet late last week, Red Canary warned, “Given all of this, Silver Sparrow is uniquely positioned to deliver a potentially impactful payload at a moment’s notice, so we wanted to share everything we know with the broader infosec community sooner rather than later.”

The good news is that the malware doesn’t seem to have delivered any payloads on the 30,000 machines that are infected. While that’s reassuring for consumers, it also means that researchers don’t know Silver Sparrow’s end goal.

Questions Remain

Perhaps more baffling than the fact that Silver Sparrow hasn’t released a payload is its self-destruct feature. As Ars Technica notes, that is typically reserved for “high-stealth” malware. Once again, according to researchers, the self-destruct feature hasn’t yet been used.

It’s unclear why the hackers have seemingly gone silent with their malware. Perhaps it is because experts were able to uncover it before any damage could be done. Or, those behind the attacks could be planning something more nefarious. At this point, it is still too soon to tell.

In the meantime, researchers have plenty of questions about Apple’s M1 chip. Most legitimate developers are still working on getting their code to run natively on the in-house silicon. That means hackers like those behind Silver Sparrow are moving very quickly. It will be interesting to see if this continues to be a problem for Apple’s Mac processor.

