Just last week, we saw reports of malware being made for the relatively new Apple M1 chip. Then over the weekend, researchers at Malwarebytes and Red Canary another mysterious malware that they call Silver Sparrow. And they are mysterious because they haven’t actually done anything yet.
According to the Red Canary blog post, Silver Sparrow has infected 29139 macOS devices as of 17 February. These range from the older generation Intel-based ones as well as the new M1 ones.
As mentioned earlier, Silver Sparrow has yet to actually do anything yet. Instead, infected Macs check with a control server every hour to see if there are new commands for the malware to carry out. Even stranger is the fact that the malware is set to wipe all traces of its existence once it’s carried out its goal.
Beyond that, Silver Sparrow is also made to make use of infrastructure hosted on Amazon Web Services Simple Storage Service (AWS S3). It also uses Akamai CDN for its callback domains. As Red Sparrow explains most companies cannot afford to block access to AWS and Akamai. This suggests that the malware maker is very experienced.
It’s perhaps a stroke of luck that a dormant, self-destructing malware was discovered before it did its thing. Apple has also already revoked the binaries for Silver Sparrow, meaning you shouldn’t be able to install it accidentally.