The Silver Sparrow computer virus is malware that runs on x86- and Apple M1-based Macintosh computers.
Engineers at the cyber security firm Red Canary detected two versions of the malware in January and February 2021.
Description
Two versions of the malware were reported. The first version (described as the "non-M1" version) is compiled for Intel x86-64. It was first detected in January 2021.
The second version contains code that runs natively on Apple's proprietary M1 processor, and was probably released in December 2020 and discovered in February 2021.
The virus connects to a server hosted on Amazon Web Services. The software includes a self-destruct mechanism.
As of 23 February 2021, information about how the malware is spread and which systems may be compromised is sparse. It is uncertain whether Silver Sparrow is embedded inside malicious advertisements, pirated software, or bogus Adobe Flash Player updaters. Red Canary has theorized that systems could have been infected through malicious search engine results that might have directed them to download the code.
The ultimate object of the malware's release is also still unknown.
Silver Sparrow is the second malware virus observed to include M1-native code.
Impact
As of 23 February 2021, Internet security company Malwarebytes has discovered over 29,000 Macs worldwide running their anti-malware software to be infected with Silver Sparrow. Silver Sparrow-infected Macs have been found in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France, and Germany, according to data from Malwarebytes.
Over 39,000 Macs were affected in the beginning of March 2021.
On 23 February 2021, a spokesperson of Apple Inc. stated that "there is no evidence to suggest the malware they identified has delivered a malicious payload to infected users." Apple also revoked the certificates of the developer accounts used to sign the packages, thereby preventing any additional Macs from becoming infected.