macOS "Silver Sparrow" malware

TunPlu Posts: 1 New Member
edited November 2021 in F-Secure Internet Security

Does anyone know if the most current Mac version of the software can identify the so-called "Silver Sparrow" Mac malware?

Accepted Answer

  • Jaims
    Jaims Posts: 846 Former F-Secure Employee
    Answer ✓

    Hi @TunPlu @Rusli

    There are two versions of the Silver Sparrow malware, the key difference being the targeted OS architecture. One variant of Silver Sparrow is designed for the Intel x86_64 system architecture, the other for both the previously mentioned architecture and the new Apple M1 ARM64 chipset.

    Both variants of the malware are known and included in the latest F-Secure malware definition databases, labelled respectively as Malware.OSX/Agent.smpwq, and Malware.OSX/Agent.JR. Subsequently, our Anti-Malware Labs are aware of these malware variants, and have already marked the publicly available samples in our virus database; F-Secure has not, however, yet received any case from F-Secure customers reporting a possible Silver Sparrow infection.

    If you have any sample you would like our lab to test, you may drop us the file sample in the link below

    In conclusion, if the Mac hosts and F-Secure software for Mac remain up-to-date, the Silver Sparrow malware should be successfully blocked.


  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hello @TunPlu ,

    It seems that a few days ago Red Canary discovered a new macOS malware called Silver Sparrow that uses the JavaScript API in the macOS installer to execute commands. This malware can attack Intel Macs and those based on Apple M1, the ARM architecture.

    Currently, Silver Sparrow has not been observed to do anything undesirable - the binaries in it, when run, depending on the version (there are two), display a window saying "Hello World!" or "You did it!", so it looks like a proof of concept - but it was found on nearly 30,000 Macs in 153 countries, mainly in the US, UK, Canada, France and Germany, indicating that the rates of infection are much higher. Silver Sparrow uses AWS and Akamai's CDN, making it difficult to block.

    An Apple employee has unofficially announced that the responsible developer certifications have been revoked and that there is currently no evidence that Silver Sparrow is malfunctioning.

  • Rusli
    Rusli Posts: 1,019 Influencer
    edited March 2021

    Hi Lucaseuropa and Tunplu.

    I have read the blog from Malwarebytes.

    Silver Sparrow can infect both M1 Apple Silicon Macs and Intel Macs.

    Malwarebytes claimed that Malwarebytes for Mac is able to detect Silver Sparrow for Mac.

    See the details below.

This discussion has been closed.