Security researchers have discovered previously undetected malware affecting Mac users around the world, including newer Macs with the M1 chip. Red Canary researchers say that this “Silver Sparrow” malware makes infected Macs check in with a server once an hour, but the real threat remains a mystery.
As reported by Ars Technica, the researchers have yet to observe the actual “delivery of any payload” to the infected machines. Hence, the ultimate purpose of this malware is unknown. “The lack of a final payload suggests that the malware may spring into action once an unknown condition is met,” explains the report.
The malware also comes with its own “self-destruct” mechanism, but there is no evidence that it has been used yet. Silver Sparrow has been found on 29,139 macOS endpoints around the world.
The malicious binary is even more mysterious, as it uses the JavaScript API of the macOS installer to execute commands. This makes it difficult to analyze the contents of the installation package or the way that package uses JavaScript commands.
The malware has been found in 153 countries, with detections concentrated in the United States, United Kingdom, Canada, France and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures that the command infrastructure works reliably and also makes the servers harder to block.
The Silver Sparrow malware also runs natively on Apple’s M1 chip. This makes it the second malware discovered that is optimized for Apple Silicon, the first having surfaced earlier this week. This does not mean that M1 Macs are specifically targeted; the malware can infect both M1 Macs and Intel Macs.
Optimization for the M1 chip, combined with factors like the infection rate and the malware’s maturity, is what worries the researchers at Red Canary:
“While we have yet to observe Silver Sparrow delivering additional malicious payloads, its compatibility with forward-looking M1 chips, global reach, relatively high infection rate, and operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at all times. Given these areas of concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry as soon as possible.”
Again, so far the researchers have yet to see the binary do anything, but it remains a looming threat. You can read more on the Red Canary blog here.