#43 – How to Find and Remove The Little Bird in Your Macbook



AFFECTED USERS: Every (Apple) Macbook User

Hair of fire 4 of 5

SUMMARY: There is a new, somewhat mysterious malware package infecting Macbooks called “Silver Sparrow.”

We have talked about malware many times, but this particular package is interesting because it is spreading quickly, seems to have infected about 30,000 Macbooks so far, and is built for the future by being compatible with the new Apple M1 processor.

Several posts and articles seem to be mischaracterizing this malware as “new macbooks only.” Here is an example: https://www.businessinsider.com/apple-m1-computer-malware-attack-silver-sparrow-mac-mini-macbook-2021-2

But that’s not true. Silver Sparrow can infect any Macbook, with or without an M1 chip.

What is also interesting is that we don’t know what this malware does yet, because it just seems to be ‘calling’ its host server, and the host server does not respond with anything bad.

This is obviously a bit complex and concerning, so we brought in someone from the team that discovered Silver Sparrow. His name is Brian Donohue, Intelligence Analyst, Red Canary.

Brian has been writing about and researching information security for the last decade. He started his career as a journalist and later became a threat intelligence analyst. Now, he works at a prominent security company called Red Canary, which found and reported this new malware.

Welcome Brian!

Does Silver Sparrow affect only Macbooks?

How does Silver Sparrow get onto a Macbook? Does it seem that the malware was shipped with new Macbooks, or do Macbooks get infected later?

Can Silver Sparrow infect Macbooks that do *not* have an M1 chip?

Silver Sparrow malware seems to be calling back to a host for instructions, but the host has not yet replied. Why would the hacker do this? Do we know what event will trigger Silver Sparrow to do more than just call its host?

How can a Macbook user figure out if they have been infected? If a Macbook owner is infected, what should they do right now?

Antivirus Software:

Malwarebytes

Sophos

Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io). Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries. Since graduating from Boston College, David earned an Executive MBA from the University of Miami.