'Silver Sparrow' malware infects about 30,000 Macs worldwide

But so far the new attack does...nothing

Researchers at cyber security firm Red Canary have discovered a new strain of malware that has infected more than 30,000 Macs worldwide, although it's currently just lying dormant.

The Red Canary team says it hasn't yet seen the malware delivering any malicious payloads, and there is no indication to suggest that cyber actors have used it for malicious activities.

According to researchers, the so-called Silver Sparrow malware contains a binary that is compiled to run on Apple's own M1 chip. The M1 is a relatively new chip, released in November.

Last week, a separate group of security researchers claimed that they had discovered a different malware strain targeting the M1 chip. This means that Silver Sparrow is now the second known piece of malware to contain code created specifically to target Apple's device.

Silver Sparrow has infected nearly 30,000 Macs in 153 countries, according to Malwarebytes researchers, with most infections reported in the USA, UK, France, Canada, and Germany.

Infected Macs connect with a control server every 60 minutes to check for any new binaries or commands to execute. The absence of a final payload for the malware suggests that it may come into action once an unknown condition is met.

The malicious binary uses the macOS Installer JavaScript API to run commands, which makes it difficult to analyse the contents of the installation package.

The malware also includes a self-destruction mechanism to remove any traces from an infected system. It appears that its operators have not yet used the function, and the researchers have no idea what would trigger it.

Researchers have so far discovered two versions of the malware. The first has a binary in Mach-object (Mach-O) format compiled for Intel x86_64 processors, while the second version features a Mach-O binary for the M1 chip.
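A triage sketch for telling the two variants apart, added here as an example and not taken from the article or from Red Canary: it reads a file's Mach-O header, or the table at the start of a universal binary, and reports which CPU architectures the file targets. The function names and the constructed sample bytes are assumptions; the magic numbers and CPU type values are those defined in Apple's Mach-O headers.

```python
import struct

# CPU type values from Apple's <mach/machine.h>; 0x01000000 is the 64-bit ABI flag.
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64", 7: "i386", 12: "arm"}
# On-disk magic of a single-architecture Mach-O -> byte order of its header fields.
THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "<", b"\xce\xfa\xed\xfe": "<",
               b"\xfe\xed\xfa\xcf": ">", b"\xfe\xed\xfa\xce": ">"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; its table is always big-endian

def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)

def macho_architectures(data):
    """Return the architectures a Mach-O image targets, or [] if it is not Mach-O."""
    magic = data[:4]
    if magic in THIN_MAGICS and len(data) >= 8:
        (cputype,) = struct.unpack_from(THIN_MAGICS[magic] + "I", data, 4)
        return [cpu_name(cputype)]
    if magic != FAT_MAGIC or len(data) < 8:
        return []
    (count,) = struct.unpack_from(">I", data, 4)
    if not 0 < count <= 20:  # Java .class files share this magic; reject odd counts
        return []
    archs = []
    for i in range(count):
        entry = 8 + 20 * i  # fat_arch: cputype, cpusubtype, offset, size, align
        if entry + 20 > len(data):
            return []  # truncated table
        cputype, _sub, offset, _size, _align = struct.unpack_from(">5I", data, entry)
        if data[offset:offset + 4] not in THIN_MAGICS:
            return []  # slice offset does not point at a Mach-O header
        archs.append(cpu_name(cputype))
    return archs

def thin_sample(cputype):
    """Constructed sample: a 32-byte mach_header_64 with only magic and cputype set."""
    return struct.pack("<II", 0xFEEDFACF, cputype) + bytes(24)

def universal_sample(cputypes):
    """Constructed sample: a universal binary wrapping one thin_sample per CPU type."""
    table, body, base = FAT_MAGIC + struct.pack(">I", len(cputypes)), b"", 8 + 20 * len(cputypes)
    for c in cputypes:
        table += struct.pack(">5I", c, 0, base + len(body), 32, 0)
        body += thin_sample(c)
    return table + body

if __name__ == "__main__":
    print(macho_architectures(thin_sample(0x01000007)))                    # Intel-only
    print(macho_architectures(universal_sample([0x01000007, 0x0100000C])))  # Intel + M1
```

On a real file, pass the first few kilobytes read in binary mode; the header and the universal-binary table both sit at offset 0, though slices of a universal binary usually start at page-aligned offsets, so the slice check needs enough of the file to reach them.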

Apple has revoked the affected binaries to keep users from accidentally installing the malware. The researchers also believe that Silver Sparrow could become a 'reasonably serious' threat in the near future, considering its global reach, relatively high infection rate and M1 chip compatibility.

"To me, the most notable [thing] is that it was found on almost 30K macOS endpoints... and these are only endpoints the Malwarebytes can see, so the number is likely way higher," Patrick Wardle, a macOS security expert, wrote in an Internet message seen by Ars Technica.

"That's pretty widespread... and yet again shows the macOS malware is becoming ever more pervasive and commonplace, despite Apple's best efforts."