Macs and viruses aren’t all that common, but the one that was recently discovered by researchers is even less so. Security researcher Red Canary has published information about a new “activity cluster” that has infected 29,139 Macs across more than 150 countries but is missing one key ingredient: a reason to be.
In the report, Red Canary and Malwarebytes outline a new strain of macOS malware called Silver Sparrow that affects both Intel and Apple silicon processors. The companies have determined that the sheer scale of the malware is enough to pose “reasonably serious threat” even though it “did not exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems.”
In short, it doesn’t do anything. That’s not all that reassuring, given that tens of thousands of Macs could have potentially been infected, but based on the findings and investigations of multiple strains, the virus was “positioned to deliver a potentially impactful payload at a moment’s notice.”
Apple has since revoked the developer certificates that allowed the virus to propagate. The Red Canary team is unclear as to how the virus spread to so many Macs, but the virus exhibited properties that is common with malicious macOS adware.
While the virus doesn’t appear to have any malicious intent, Red Canary is warning users that the virus could have potentially been extremely harmful to the system due to its “chip compatibility, global reach, relatively high infection rate, and operational maturity.”
Silver Sparrow isn’t the first malware to infect Apple’s new M1 chip. Last week, security specialist Patrick Wardle reported on adware that was compiled specifically to target the new ARM chip in the MacBook Air, MacBook Pro, and Mac mini. The developer certificate associated with that malware has also been revoked by Apple.
Red Canary has a deep dive into the inner workings of Silver Sparrow on its blog post titled, “Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight.”