Mac users have always had less problems with viruses and malware than had Windows users. Much of this is because Windows is more entrenched; if you’re a hacker, are you going to write code for 7.6%% of the market that use Macs, or the 92% with Windows? Apple makes it harder to install software that isn’t vetted through the Apple Store. And the Mac architecture, based on UNIX, is cleaner and more secure by nature than Windows. Some malware is made for the Macintosh, but it isn’t much.

With the move to the new M1 chipset in November 2020, Apple promised that their newest Macs would be the safest yet–and safer than Intel based computers. No wonder Mac users have come to feel smug about the security of their systems.

Silver Sparrow

That all changed last month. A new malware package specifically for Macintosh, and which can infect both Intel and M1 machines was discovered in February. Silver Sparrow uses the MacOS Installer’s Javascript API to execute commands without any other payload.

What does Silver Sparrow do?

All we know about Silver Sparrow is that it contacts a Command and Control (or C2) server once an hour. It is believed that the hackers are waiting for enough machines to be infected before launching some sort of massive scale attack using these infected machines. The fact that the software had a valid developer certificate issued by Apple means that Apple XProtect and other safeguards were ineffective. Apple has since revoked this certificate–thus preventing further machines from being infected. So far, over 29,000 Macs were infected. Given the methods used, there is a good chance that a similar future attack using a co-opted software certificate would be effective.

Other Reading

• https://www.macworld.co.uk/feature/mac-viruses-list-3668354/
• https://9to5mac.com/2021/01/11/mac-huge-q4-growth-49-percent
• https://www.macworld.co.uk/news/new-malware-m1-mac-3801981/
• https://www.macworld.co.uk/news/can-macs-be-hacked-3801843/