Apple’s new M1 chips had no known malware targeting them…until now. A strain of malware dubbed “Silver Sparrow” is an activity cluster that includes a malicious binary compiled to run natively on the new chip. What is unique about this malware, and does it really lack a payload?
Silver Sparrow uses a launch agent to establish persistence. That is not a new technique; the behaviour around it, however, is. Unusually, it uses the JavaScript API for execution, and it uses that foothold to load adware onto the device.
Silver Sparrow, according to Malwarebytes, had infected 29,139 macOS endpoints across 153 countries as of February 17th. Red Canary, the firm that originally discovered this strain of malware, did not observe a final payload, which means the real threat remains a mystery.
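Launch agents are the persistence mechanism named above, and they are also easy to audit: every agent is a property list under a LaunchAgents directory. The script below is an added example written for this page, not code from Red Canary or from the malware itself. It parses LaunchAgent plists with Python's standard `plistlib` and flags the traits a defender usually looks for first: an agent that auto-starts (`RunAtLoad` or `KeepAlive`) a program living outside the normal system and application directories, one that invokes a shell or scripting interpreter directly, or one that re-runs on a short `StartInterval`. The two plists embedded in it are constructed samples; the paths and labels in them are made up and are not Silver Sparrow indicators.

```python
"""Audit macOS LaunchAgent plists for common persistence traits.

Added example, not from the original article. The sample plists below are
constructed for illustration only and are not indicators of any real malware.
"""
import plistlib
from typing import List

# Locations where legitimately installed programs normally live. A program
# anywhere else (a home directory, /tmp, /private/var/folders, ...) deserves
# a closer look when it is started automatically.
TRUSTED_PREFIXES = (
    "/System/", "/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
    "/Applications/", "/Library/Apple/",
)

# Interpreters and downloaders that, when named as the agent's program,
# usually mean the real logic is hidden in the arguments or a script file.
INTERPRETERS = (
    "/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript",
    "/usr/bin/python3", "/usr/bin/curl",
)

# Constructed benign sample: a signed app in /Applications starting at login.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Applications/Example.app/Contents/MacOS/helper</string>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed suspicious sample: auto-starts a binary in a hidden user
# directory and re-runs it every minute. Paths and label are made up.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/._hidden/updater</string>
    <string>--quiet</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>60</integer>
</dict></plist>"""


def program_of(agent: dict) -> str:
    """Return the executable an agent runs: Program, else ProgramArguments[0]."""
    if "Program" in agent:
        return agent["Program"]
    args = agent.get("ProgramArguments") or []
    return args[0] if args else ""


def audit_agent(agent: dict) -> List[str]:
    """Return human-readable findings for one parsed LaunchAgent dict."""
    findings: List[str] = []
    prog = program_of(agent)
    if not prog:
        return ["no program specified"]

    autostart = bool(agent.get("RunAtLoad")) or bool(agent.get("KeepAlive"))
    if autostart and not prog.startswith(TRUSTED_PREFIXES):
        findings.append(f"auto-starts program outside trusted locations: {prog}")

    if prog in INTERPRETERS:
        rest = " ".join(agent.get("ProgramArguments", [])[1:])
        findings.append(f"runs an interpreter or downloader directly: {prog} {rest}".rstrip())

    interval = agent.get("StartInterval")
    if isinstance(interval, int) and interval < 3600:
        findings.append(f"re-runs every {interval}s (StartInterval)")
    return findings


def audit_plist_bytes(data: bytes) -> List[str]:
    """Parse a plist (XML or binary) and audit it."""
    return audit_agent(plistlib.loads(data))


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_PLIST), ("suspicious", SUSPICIOUS_PLIST)):
        hits = audit_plist_bytes(blob)
        print(f"{name}: {hits if hits else 'no findings'}")
```

On a real host the same `audit_plist_bytes` function can be fed the contents of each file in `~/Library/LaunchAgents` and `/Library/LaunchAgents`; the heuristics are deliberately coarse and produce leads for a human to confirm, not verdicts.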
The impact:
Silver Sparrow deploys adware onto the device, that is, malware that serves malicious advertisements. If a user visits these malicious links, an attacker can execute arbitrary commands on the victim’s device.
The remediation:
Apple revoked the developer accounts’ certificates used to sign the malicious packages in the Silver Sparrow malware. This action has rendered future infections harmless.
Currently there is NOT a patch for the dormant malware. As soon as a patch is released, macOS users are advised to install it immediately.
Source: Red Canary