Macs and viruses aren’t all that common, but the one that was recently discovered by researchers is even less so. Security researcher Red Canary has published information about a new “activity cluster” that has infected 29,139 Macs across more than 150 countries but is missing one key ingredient: a reason to be.
In the report, Red Canary and Malwarebytes outline a new strain of macOS malware called Silver Sparrow that affects both Intel and Apple silicon processors. The companies have determined that the sheer scale of the malware is enough to pose “reasonably serious threat” even though it “did not exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems.”
In short, it doesn’t do anything. That’s not all that reassuring, given that tens of thousands of Macs could have potentially been infected, but based on the findings and investigations of multiple strains, the virus was “positioned to deliver a potentially impactful payload at a moment’s notice.”
Apple has since revoked the developer certificates that allowed the virus to propagate and says new machines can no longer be infected. Apple’s own research echoed Red Canary’s findings and uncovered no evidence that the malware has delivered a malicious payload to any of the infected machines.
The Red Canary team is unclear as to how the virus spread to so many Macs, but noted that it exhibited properties that are common with malicious macOS adware.
While the virus doesn’t appear to have any malicious intent, Red Canary is warning users that the virus could have potentially been extremely harmful to the system due to its “chip compatibility, global reach, relatively high infection rate, and operational maturity.”
Silver Sparrow isn’t the first malware to infect Apple’s new M1 chip. Last week, security specialist Patrick Wardle reported on adware that was compiled specifically to target the new ARM chip in the MacBook Air, MacBook Pro, and Mac mini. The developer certificate associated with that malware has also been revoked by Apple.
Red Canary has a deep dive into the inner workings of Silver Sparrow on its blog post titled, “Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight.”
Update 7:25 PM:Apple provided some background on the Silver Sparrow malware and confirmed that it can no longer spread.
Michael Simon has been covering Apple since the iPod was the iWalk. His obsession with technology goes back to his first PC—the IBM Thinkpad with the lift-up keyboard for swapping out the drive. He's still waiting for that to come back in style tbh.