Apple announced the M1 last year as the first chip designed specifically by the company for Mac computers. It currently replaces Intel chips in MacBook laptops and Mac mini computers. Cybersecurity company Malwarebytes, which assisted Red Canary in analyzing the malware, said it was among the first to include native code for the M1 chips.
The Scope of the Problem
After analysis by Malwarebytes and others, it was determined that Silver Sparrow has so far infected nearly 40,000 Mac computers in 164 countries. High concentrations of infections occurred in the U.S., Canada, the U.K., France, and Germany. But analysts are still not sure how the malware was distributed. According to recent reporting on Silver Sparrow by ZDNet, malicious ads, pirated apps, and fake Flash updaters are the most common attack vectors for Mac malware strains.
Analysts are also uncertain about the purpose of the Silver Sparrow malware. Current research has shown only that it takes root in systems and then awaits further instructions from its operators. But it’s the second malware strain that can compromise Apple’s new M1 architecture. The first was discovered just days before Silver Sparrow.
The proliferation of malware that can target such a new chip architecture so quickly and across a large geographical area has researchers concerned. “Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggests Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” a Red Canary analyst wrote in the company’s detection announcement.
How to Know If You're Infected
Malwarebytes notes that the presence of the ._insu file on a computer likely indicates previous infection. One peculiarity about Silver Sparrow is that this file instructs the malware to delete itself. So it’s possible that the detection of the new malware compelled its operators to employ this kill command.
Protecting Your Mac
Apple provides specific recommendations for securing your Mac computer from malware infection. This includes a security screening system called Gatekeeper that prohibits app installations except through the official Mac App Store. Apple also recommends that users employ caution when dealing with scripts, web archives, and Java archives, all of which can harm your computer.
Apple also requires its app developers to submit their products for review. The process, called “notarization,” scans apps for security vulnerabilities and malicious content. If there are no threats, the app will be authorized by Gatekeeper to install and run on a Mac computer. But there are always new or emerging threats such as Silver Sparrow.
Despite the best efforts of manufacturers and users, malware can penetrate and cause harm to your Mac computer, iPad, or iPhone. Malware infections can lead to data leaks, file corruption, and data loss. Secure Data Recovery Services is an Apple Certified Macintosh Technician provider, and our data recovery engineers have performed successful recovery services on Apple devices for more than a decade.
Our data recovery engineers have custom-built solutions for data migration, restoration, and conversion regardless of what kind of media storage you’re using. Whatever data storage or data loss scenario you face, Secure Data Recovery Services has the solution.