The mysterious malware that has infected 30,000 Macs with M1

It has recently been discovered other malware that affects Macs. Although researchers have seen that, so far, doesn’t seem to be very malicious. Some time ago we saw the first malware developed specifically for Macs with the M1 chip, but there seems to be more malware aimed at Macs than Apple would expect.


Earlier this month, researchers from Red Canary discovered a macOS malware that used LaunchAgent to get in. Researchers observed that this malware behaved differently, due to how it used JavaScript for its execution.

A malware with a first and last name

“Silver Sparrow” it’s what the researchers have called it. It has a complex binary system to specifically work with M1 chips, which makes it a malware directed almost exclusively at Macs.

The researchers also see it likely that Silver Sparrow could be a “Strain” previously undetected malware. It has also been found that in almost 30,000 infected macs, none have suffered damage, something that perhaps could change in the future. Due to compatibility with M1, the “contagion rate” is quite high and would be considered a threat if serious enough like so you can do something shocking at any time.

Optimizing your Mac is really easy

There would be two versions of this malware

The first would affect only the Intel-based macs. The second is a bit more complex and would affect, as we have already said, the macs with M1. In the first version a window opens that says “Hello, World” and in the second it says “You did it.”

The mechanism for malware to active it worked activating files titled “update.pkg” and “Updater.pkg”, apparently being installers and then taking advantage of JavaScript to execute the suspicious commands.

This is a behavior that we usually see in non-malware software, which generally use pre-installed or post-installation scripts to execute some commands.

Once installed, the malware tries to check a specific URL for download a file which could contain more instructions, although after a week of monitoring the malware does not present any “final task” visible for the moment.

Little is known yet

There are certain unanswered questions still from Silver Sparrow. One of them is where initial “.pkg” files were found to infect systems. The end goal it is also a mystery, as it is also posters We discussed “Hello World” and “You did it” not running until you actively search for it and run it, rather than automatically.

All of this suggests that this malware could have a insufficient development or that it needed an application package to be able to do something else.

Hopefully this is all a “joke” and that malware never affects our devices. Surely in a few months we will know something more about Silver Sparrow.

The "epic" WhatsApp conversation with his future landlady sweeps Twitter: beware of the question

England: reopening of non-essential shops, outdoor pubs and restaurants from April 12