Security researchers at Red Canary have discovered a mysterious new malware on nearly 30,000 Macs, though the actual number of infected computers is probably much higher. It appears that the malware, nicknamed Silver Sparrow, is waiting for the right moment to deliver a malicious payload to its host devices. It’s one of the first viruses to run natively on both Intel and M1 Macs.
Silver Sparrow hasn’t harmed any computers yet, but it checks a control server for new commands every hour. Without access to this control server, we have no way of knowing the goal behind Silver Sparrow. That said, the fact that someone is waiting to “activate” the malware is alarming.
Another alarming factor is Silver Sparrow’s unique, ingenious design. It’s distributed in two unique packages, titled
Upon installation, Silver Sparrow looks up the URL that it was downloaded from, probably to help its designers track which infection methods are the most effective. Interestingly, Silver Sparrow relies on AWS S3 and Akamai CDN cloud services for file distribution, which suggests that its designers are experienced with web servers and cloud computing. Cloud distribution is more resilient than single-server distribution methods, and using popular cloud infrastructure like AWS allows the malware designers to “blend in” with regular web traffic.
Red Canary teamed up with MalwareBytes and found the Silver Sparrow virus on nearly 30,000 computers. Of course, this is just the number of infected computers that MalwareBytes has access to, the actual number of infected computers is probably much higher. Scroll to the bottom of Red Canary’s report if you want to hunt for Silver Sparrow on your Mac, or use the MalwareBytes antivirus software to scan your computer for the virus.