macOS "Silver Sparrow" malware
Accepted Answer
-
There are two versions of the Silver Sparrow malware, the key difference being the targeted OS architecture. One variant of Silver Sparrow is designed for Intel x86_64 system architecture, the other for both the previously mentioned architecture, as well as the new Apple M1 ARM64 chipset.
Both variants of the malware are known and included in the latest F-Secure malware definition databases, labelled respectively as Malware.OSX/Agent.smpwq, and Malware.OSX/Agent.JR. Subsequently, our Anti-Malware Labs are aware of these malware variants, and have already marked the publicly available samples in our virus database; F-Secure has not, however, yet received any case from F-Secure customers reporting a possible Silver Sparrow infection.
If you have any sample you would like our lab to test, you may drop us the file sample in the link below
https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample
In conclusion, if the Mac hosts and F-Secure software for Mac remain up-to-date, the Silver Sparrow malware should be successfully blocked.
Answers
-
Hello @TunPlu ,
It seems that few days ago Red Canary discovered a new macOS malware called Silver Sparrow that uses the Javascript API in the macOS installer to execute commands. This malware can attack Intel Macs and those based on Apple M1, the ARM architecture.
Currently, Silver Sparrow has not been observed to do anything undesirable - the binaries in it, when run, depending on the version (there are two), display a window saying "Hello World!" or "You did it!", so it looks like a proof of concept - but it was found for nearly 30,000 Macs in 153 countries, mainly in the US, UK, Canada, France and Germany, indicating that the rates of infection are much higher. Silver Sparrow uses AWS and Akamai's CDN, making it difficult to block.
An Apple employee has unofficially announced that the responsible developer certifications have been revoked and that there is currently no evidence that Silver Sparrow is malfunctioning.
-
Hi Lucaseuropa and Tunplu.
I have read the blog from Malwarebytes.
The Silver Sparrow can be infected both M1 Apple Silicon Macs and Intel Macs..
Malwarebytes claimed that Malwarebytes for mac able to detect the Silver Sparrow for mac.
See the details below.
https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!