I’m not just a tech. I am a NERD. I love to read about all the latest Apple Mac things, all the time. And the current “latest thing” is malware. Where most people have their RSS feed and email give them reports on politics, recipes, hobbies or the next cricket match, I’m the guy whose email and RSS are filled with the latest in Apple systems, possible viruses and malware. While Mac viruses don’t really exist, malware does. I know because I have written software to remove malware from Macs and I’m currently reading books written by the world’s leading independent authority on Mac malware. So when I say that the experts are worried about “Silver Sparrow malware”, I mean it.
What does Silver Sparrow Malware do?
This is why the experts are WORRIED. They don’t know!!
Yep, they do not know what it does! A few of the experts, like Tony Lambert, suggest the malware is waiting for external instructions or a set of conditions to be fulfilled before it springs into action.
In situations like this, it is hard to not let your imagination run wild and think the worst. Is it ransomware? Does it redirect all your internet traffic through a server that is being watched by hackers? Does it try to copy your Netflix passwords? Does it do anything at all? Or is it like a stalker or peeper, slinking around and snooping in your closets just because it can? Whatever it is … it is not good.
How do they know it is malware?
If you are wondering “If they do not know what it does, how do they know it is malware?”, that is a good question. They know because there are certain behaviours of malware … kind of like how a police officer can identify the behaviour of a would-be robber casing a mark.
This is normally the part of the conversation where my lovely wife kicks me under the table and whispers in my ear “Kevin, you are putting everyone to sleep”. I find this part fascinating, but it looks like I’m the only guy in the Blue Mountains who considers “malware behaviour” appropriate pub chat.
So trust me when I tell you that malware behaves in very identifiable ways. It just can’t help itself. And if you want to know exactly what those behaviours are, I am happy to let you buy me a beer.
Runs on the M1 and Intel Macs
Something else that has the researchers scratching their heads is that this malware can already infect M1 processor Macs. For the non-computer geeks, processors are the command centre of a computer. For a decade Intel has been the primary processor used by both Apple and Microsoft. Some of you might remember advertisements that include the Intel Inside jingle.
In the last year, Apple converted all its new systems over to their in-house processor, the M1. Intel Macs and M1 Macs speak a different language (kinda like Japanese vs English). But Silver Sparrow is bilingual. That has the experts worried because it means that whoever wrote this had time to develop it for the M1 Mac.
I have heard some of the speculations of what it could mean. As someone who tries to avoid conspiracy theories, I will not comment on or repeat those speculations. What I will say is that whoever made this latest Mac malware knows what they are doing and will likely create something like it again.
Spooky self destruct script
I am not talking about something that is going to blow up your Mac. I’m talking about a script that removes evidence of its own existence. Silver Sparrow gets in, flies about and gets out, wiping away its footprint and taking all its feathers with it. If you don’t know to look for it, you will never know it was there. This also has the experts worried. It implies more than just a hobby hacker, because most malware does not have this feature.
How is the Mac Malware delivered?
Researchers can only guess … WHAT!?!?!?!
Yeah, currently they suspect that, like other forms of malware, it was installed by the user thinking that they were installing a legit version of some other kind of software like Adobe Flash Player (now discontinued and should be removed from all your computers, Mac or otherwise). But they are not sure.
A few of the infected Macs they studied showed that the users were searching for software before the installation and malicious search engine results pointed the user in the wrong direction. How those systems had malicious search engines in the first place is another discussion. Suffice to say, it is important to know and trust the browser or app centre you are using to access software.
Hunting for a sample
I have a test Mac that I deliberately infect with malware so I can study it and develop software to remove the malware. But the problem with this malware is that I have not been able to find it. Unlike the other Mac malware I have studied, like Mac Defender, MacDownloader and the controversial and not technically malware MacKeeper, I have not been able to find a copy of “Silver Sparrow”. Not that they are advertising. We just don’t yet know enough to determine a delivery pattern, so I’m going to have to wait for more information from the researchers. Or maybe I will stumble across it. I currently do not know anyone in the Lithgow or Katoomba area who has been infected with this Mac malware, but it is only a matter of time.
How do you protect yourself from this Mac Malware?
Without knowing more about this version of the malware we can only guess. However, the standard rules of protecting yourself from Malware apply. A little bit of common sense will actually help. Here is a list of good habits:
1. Run Apple Software updates often
Apple is always working on making their operating system safer. One of the ways they protect your MacBook is by software updates. Apple loves having the reputation of being immune to viruses and will spend lots of money to keep that reputation.
2. Be careful of what you download
If you stick to installing only software from the Apple store you will most likely have nothing to worry about from Mac Malware. This will have its own blog post.
3. Use trusted sources and keep it clean
Use known sources like Safari or Chrome browsers or supported app stores and keep those sources clean by:
- being very careful about what plug-ins you install
- checking your browser history
- updating your browser regularly
- avoiding suspicious websites