Apple acts to prevent further spread of Silver Sparrow Mac malware

Monday, February 22, 2021 4:06 PM

Apple says that it has taken steps to prevent further spread of the Mac malware known as Silver Sparrow. The malware was notable for the fact that it runs natively on the M1 chip.

Apple says that it has revoked the security certificates of the developer accounts used to sign the packages, which will prevent it being installed on any further Macs…

As we reported over the weekend, this piece of malware has proven to be perplexing to security researchers for a handful of reasons. Silver Sparrow forces infected Macs to check a control server once per hour, and it includes a self-destruct mechanism, but researchers have yet to actually observe its malicious intent.

Apple also reiterated that Silver Sparrow has yet to deliver a malicious payload yet and that all software downloaded outside of the Mac App Store offers “industry-leading” protection for users. For instance, Apple requires all software to be notarized, whether downloaded from the App Store or elsewhere.

One interesting tidbit about Silver Sparrow is that it runs natively on Apple’s M1 chip. This doesn’t mean that M1 Macs are specifically targeted, but the malware can equally affect M1 Macs and Intel Macs. We expect most macOS malware in the future to be optimized for Apple Silicon as Apple continues to transition away from Intel.