AFFECTED USERS: Every (Apple) MacBook User
Hair of fire 4 of 5
SUMMARY: There is a new, somewhat mysterious malware package infecting MacBooks called “Silver Sparrow.”
We have talked about malware many times, but this particular package is interesting because it is spreading quickly, seems to have infected about 30,000 MacBooks so far, and it is built for the future by being compatible with the new M1 Apple processor.
Several posts and articles seem to be mischaracterizing this malware as “new MacBooks only.” Here is an example: https://www.businessinsider.com/apple-m1-computer-malware-attack-silver-sparrow-mac-mini-macbook-2021-2
But that’s not true. Silver Sparrow can infect any MacBook, with or without an M1 chip.
What is also interesting is that we don’t know what this malware does yet, because it just seems to be ‘calling’ its host server, and the host server does not respond with anything bad.
This is obviously a bit complex and concerning, so we brought in someone from the team that discovered Silver Sparrow. His name is Brian Donohue, Intelligence Analyst, Red Canary.
Brian has been writing about and researching information security for the last decade. He started his career as a journalist and later became a threat intelligence analyst. Now, he works at a prominent security company called Red Canary, which found and reported this new malware.
Does Silver Sparrow affect only MacBooks?
How does Silver Sparrow get on to a MacBook? Does it seem that the malware was shipped with new MacBooks, or do MacBooks get infected later?
Can Silver Sparrow infect MacBooks that do *not* have an M1 chip?
Silver Sparrow malware seems to be calling back to a host for instructions, but the host has not yet replied. Why would the hacker do this? Do we know what event will trigger Silver Sparrow to do more than just call its host?
How can a MacBook user figure out if they have been infected? If a MacBook owner is infected, what should they do right now?