Something unusual has made news recently: Mac malware. macOS, long regarded as highly fortified (and pricier), sees far fewer malware families than Windows. But the discovery of Silver Sparrow, a malware strain that runs natively on both Intel and Apple M1-based Macs, further underscores that no system is safe. Silver Sparrow is the second piece of M1-native malware found in recent months.

Researchers discovered the malware, dubbed Silver Sparrow, on over 30,000 Macs in more than 150 countries. How Silver Sparrow reaches its victims is still unclear; some experts suspect the malicious code was delivered through advertisements, compromised websites, or fake Flash updates. Yet, despite this alarming discovery, the malware has not appeared to deliver any payload. Still, researchers warn it could pose a threat.

Tony Lambert of Red Canary wrote that the malware's motives are a mystery:

"The ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware."

Silver Sparrow malware is rare and unexpected

Smarter MSP checked in with Dwight Farris, a cybersecurity professor and Mac expert at Grand Canyon University. He echoed the rarity of this attack.

"The MacOS in any iteration is exponentially more difficult to infiltrate due to the higher-level security aspects of the operating systems," Farris says.

Most security breaches making the headlines are not happening on Macs, which is what makes the Silver Sparrow malware so unusual.

The Mac's built-in security, Farris adds, "is one of the main reasons why Mac malware is lesser-known or used as an attack vector."

The fact that Silver Sparrow didn't seem to wreak havoc doesn't mean it wasn't a successful attack. Time will tell, but Farris doesn't believe it looks like something incredibly nefarious.

"From what I can ascertain, this version was primarily successful at monitoring lower-end aspects of the OS," Farris advises, adding that he can't be 100 percent certain. "My research has been cursory, so I am not sure if there were any other impacts from this malware."

For more information about how to find and remove Silver Sparrow specifically (even though it appears harmless now, there is no need to leave it in place to find out), check out this article from Ars Technica.

Macs have become a more frequent target

Last summer, a rare Mac-specific ransomware strain, dubbed ThiefQuest, was identified. Per Wired Magazine:

“ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.”

Meanwhile, other experts caution that MSPs shouldn’t let down their guard with Macs just because they are Macs.

"Some MSPs just stay away from Macs because they aren't as easy to service, and they can provide a more seamless experience by focusing just on Windows," James Butler, a Mac expert in Indianapolis, told Smarter MSP.

“But Macs aren’t necessarily technically safer,” Butler adds. “There are just far fewer of them, so hackers won’t invest as much time and money into creating malware for Macs when it’s far more profitable to do so for Windows.”

Butler advises that Macs are still susceptible to the same types of ransomware and phishing attacks that plague Windows. He recommends complementing macOS with robust software solutions, such as Barracuda's Backup Agent for backing up files. Butler also suggests purging your clients' Macs of Java.

“The average office computer doesn’t need it; you can remove it or at the very least disable it for use at a future date,” Butler says.

Java has had several security issues over the years, and Apple has released patches for them, but the best fix is to remove it, or at least disable it, wherever it isn't needed. Butler also points out that he sees many security professionals ignoring Apple security updates.

“The best defense you can have for a Mac is to stay on top of patching and security updates,” Butler says.

Butler also advises making sure the default firewall is activated. "That's a no-brainer, but people go in and disable it for various reasons, but it should never be done," he says.
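Butler's three recommendations above (no Java, current Apple updates, firewall on) are easy to turn into a check that an MSP can push to managed Macs. The script below is an added example, not code from the article, from Butler, or from Barracuda. It assumes the text formats that `/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`, `softwareupdate -l` and `/usr/libexec/java_home` print on macOS releases around Big Sur (the assumed formats are recorded in the comments); the parsing functions take that output as an argument so they can be exercised with constructed samples on any POSIX shell, while the live checks run only on Darwin.

```shell
#!/bin/sh
# Added example (not from the Smarter MSP article): audit a Mac for the three
# items Butler raises. The fw_enabled / pending_update_labels / java_present
# functions take command output as text so the logic can be exercised with
# constructed samples; the live commands themselves run only on Darwin.
# The output formats described below are assumptions based on macOS ~11.x.

# socketfilterfw --getglobalstate prints "Firewall is enabled. (State = 1)",
# "(State = 2)" when "block all incoming" is also on, or "(State = 0)" when off.
fw_enabled() {
    case "$1" in
        *"(State = 1)"*|*"(State = 2)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# softwareupdate -l lists each pending item as "* Label: <label>" (Big Sur) or
# "   * <label>" (older releases) and prints "No new software available." when
# the Mac is current. Emit one label per line, and nothing when there are none.
pending_update_labels() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\* \(Label: \)\{0,1\}//p'
}

# /usr/libexec/java_home prints the JDK home path when a JVM is registered and
# "Unable to find any JVMs matching version ..." on stderr (exit 1) when not.
# Anything that is not an absolute path counts as "no Java".
java_present() {
    case "$1" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Run the live checks. Exit status: 0 all clear, 1 something to fix, 2 not macOS.
audit_mac() {
    if [ "$(uname -s)" != Darwin ]; then
        echo "audit_mac: not macOS, skipping live checks" >&2
        return 2
    fi
    rc=0
    if fw_enabled "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)"; then
        echo "OK   application firewall is enabled"
    else
        echo "FAIL application firewall is disabled"; rc=1
    fi
    labels=$(pending_update_labels "$(softwareupdate -l 2>&1)")
    if [ -z "$labels" ]; then
        echo "OK   no pending Apple software updates"
    else
        echo "FAIL pending Apple software updates:"
        echo "$labels" | sed 's/^/     /'
        rc=1
    fi
    java_home=$(/usr/libexec/java_home 2>/dev/null)
    if java_present "$java_home"; then
        echo "FAIL Java runtime registered at $java_home"; rc=1
    else
        echo "OK   no Java runtime registered"
    fi
    return $rc
}

# Only execute the audit on a Mac; elsewhere the functions are merely defined.
if [ "$(uname -s)" = Darwin ]; then
    audit_mac
fi
```

Run it as the logged-in user or via your RMM/MDM agent; a non-zero exit flags the machine for follow-up. Because each check is a separate function that parses plain text, the same file can be unit-tested on a Linux build host before being deployed to the fleet.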

Beware “Apple invincibility”

“Apple’s products do enjoy a certain aura, but that can be dangerous too,” Butler emphasizes. “People let down their guard and open files on a Mac that might throw up red flags on Windows.”

So no matter how stringent a system you put into place, Butler says, you have to train endpoint users to look for the same suspicious emails, advertisements, and social engineering that proliferate on other systems.

Also, Butler noted, COVID-19 has pushed Macs into the work ecosystem in more significant numbers as people use their personal devices for business. This is forcing many MSPs that don’t service Macs to take another look.

"The lesson of Silver Sparrow and other recent attacks is that Macs are not immune," Butler warns. Meanwhile, MSPs who have been staying away from Macs may want to take a second look as their numbers in offices increase.

Photo: Somni4uk / Shutterstock

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.