Silver Sparrow (malware)

The Silver Sparrow computer virus is malware that runs on x86- and Apple M1-based Macintosh computers. Engineers at the cyber security firm Red Canary have detected two versions of the malware in January and February 2021.

Description
Two versions of the malware were reported. The first version (described as the "non-M1" version) is compiled for Intel x86-64. It was first detected in January 2021. The second version contains code that runs natively on Apple's proprietary M1 processor, and was probably released in December 2020 and discovered in February 2021. The virus connects to a server hosted on Amazon Web Services. The software includes a self-destruct mechanism.

As of 23 February 2021, information about how the malware is spread and what system may be compromised is sparse. It is uncertain whether Silver Sparrow is embedded inside malicious advertisements, pirated software, or bogus Adobe Flash Player updaters. Red Canary has theorized that systems could have been infected through malicious search engine results that might have directed them to download the code. The ultimate object of the malware's release is also still unknown.

Silver Sparrow is the second malware virus observed to include M1-native code.

Impact
As of 23 February 2021, Internet security company Malwarebytes has discovered over 29,000 Macs worldwide running their anti-malware software to be infected with Silver Sparrow. Silver Sparrow infected Macs have been found in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France, and Germany, according to data from Malwarebytes. Over 39,000 Macs were affected in the beginning of March 2021.

On 23 February 2021, a spokesperson of Apple Inc. stated that "there is no evidence to suggest the malware they identified has delivered a malicious payload to infected users." Apple also revoked the certificates of the developer accounts used to sign the packages, thereby preventing any additional Macs from becoming infected.