Around 30,000 Macs all across the world have been infected by a mysterious malware called Silver Sparrow, according to researchers at security software vendor Red Canary. What makes the malware so interesting and unusual is that so far none of the infected devices have shown any malicious behaviour.
As if the world needed a reminder that no single platform is safe from infection, be it a human or a computer, a new malware named Silver Sparrow has alarmed security specialists across the world. Although the name Silver Sparrow may sound like something out of a Game of Thrones book, the malware is infecting MacBook devices across the world.
Why is the Silver Sparrow malware so interesting?
According to the researchers at Red Canary, it is so far not clear what the malware’s actual goal is. In Red Canary’s lengthy blog post, the firm announced that it hasn’t observed the malware carrying out any harmful actions against a device.
Another reason why the Silver Sparrow malware is so fascinating is that it is the second known malware that is capable of targeting Apple’s newest M1 ARM-based Macs. These 30,000 Macs are located in over 150 countries across the globe. According to the folks over at Red Canary, each infected Mac communicates with a server every 60 minutes to see if there’s a command that needs to be carried out.
The malware also comes with a self-destruct command, so researchers are of the opinion that the central server may issue a command which the malware will execute before disappearing from the device.
Fortunately, the malware was not able to infect more devices before it was identified. Apple has already revoked the permission that would enable the malware to be installed on Mac devices. But it can be safely assumed that true damage may have already been done, as this malware was found in the wild.
How do I find and remove the ‘Silver Sparrow’ malware?
If you feel like your device may be infected with Silver Sparrow, just rewind and take a few steps back to identify if you’ve done something new to your system recently. Did you install a new software package or update an unidentified one? Were you waiting for a website to load when a download package popup appeared? Was the downloaded package file named something like update.pkg?
If that is the case then you should be a little suspicious. While you may never know whether your system is infected by the malware, since it’s just sitting idly at the moment and it’s unclear whether it will ever do something, you can hunt for specific files in your terminal.
According to the good Samaritans at Red Canary, the following 4 files may indicate an infection:
~/Library/._insu
/tmp/agent.sh
/tmp/version.json
/tmp/version.plist
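The file hunt described above, written as a shell function. This is an added example, not code from Red Canary's post; the function name, the `SS_HITS` variable and the optional root-prefix argument (for checking a mounted backup or disk image instead of the live system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the four Silver Sparrow file artifacts listed above.
# silver_sparrow_scan and SS_HITS are hypothetical names, not part of any tool.
#
# Usage: silver_sparrow_scan [ROOT_PREFIX] [HOME_DIR]
#   ROOT_PREFIX  optional path prepended to every artifact path, e.g. the
#                mount point of a backup volume (default: live system)
#   HOME_DIR     home directory to check for ~/Library/._insu (default: $HOME)

SS_HITS=0

silver_sparrow_scan() {
    root="${1:-}"
    home_dir="${2:-$HOME}"
    SS_HITS=0

    for path in \
        "$home_dir/Library/._insu" \
        "/tmp/agent.sh" \
        "/tmp/version.json" \
        "/tmp/version.plist"
    do
        target="$root$path"
        # -L also catches a dangling symlink, which -e alone reports as absent.
        if [ -e "$target" ] || [ -L "$target" ]; then
            SS_HITS=$((SS_HITS + 1))
            printf 'FOUND   %s\n' "$target"
            # Owner, size and modification time help date the artifact.
            ls -ld "$target"
        else
            printf 'absent  %s\n' "$target"
        fi
    done

    printf '%d of 4 artifacts present\n' "$SS_HITS"
}

# With no arguments this checks the running system for the current user.
silver_sparrow_scan "$@"
```

A result of 0 only means these four files are not present right now; the ~/Library/._insu check covers one user's home directory per run, so repeat it for each account on a shared Mac.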
In closing,
So there we have it. The popular notion that Apple devices are largely immune to malware stands corrected. The unidentified sophisticated hackers who created Silver Sparrow may be creating a cyber trap that may cause more harm than ever.