Skip to main content

Malware infects 30,000 Macs, including M1 MacBooks — what to do now

MacBook Pro M1x benchmarks leak
(Image credit: Future)

Mysterious new malware has been detected on nearly 30,000 Mac devices, including those that run on the new Apple M1 chip

The so-called Silver Sparrow malware was discovered by researchers at security firm Red Canary, who said that it poses “a reasonably serious threat” due to its “forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity." Basically, it's bad news for Mac old and new. 

The malware comes in two forms: one is targeted at older Intel Macs and the other is aimed at both at Intel-based Macs and at news devices running on Apple’s new M1 chip, such as the MacBook Air with M1 and MacBook Pro with M1. The second version is a "fat" binary that will adapt to either kind of chip.

However, it is not yet clear what Silver Sparrow’s purpose actually is. The researchers have yet to see it deliver a malicious payload to any of the infected machines — there does not appear to be one in the malware's code — and instead say it appears to be waiting for further instructions. 

“We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution,” said intelligence analyst Tony Lambert in a Red Canary blog post last week.

Nor is it clear how the machines were infected, although the researchers explained they suspect it was via malicious search engine results that directed victims to download specific malicious PKG files.

"We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application — such as Adobe Flash Player — or as updates," the researchers said.  "In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg." 

What we do know is that it has already been discovered in 153 countries, with the highest numbers in the U.S., U.K., Canada, France, and Germany. 

For the moment, the Intel-only version of the malware will do one thing: display the message, "Hello, world!" The "fat" binary that runs on both Intel and M1 chips announces, "You did it!"

How to protect your Mac from Silver Sparrow malware

The good news is that Apple has now taken action to prevent new infections, confirming to Mashable that it has now retracted the certificates of the developer accounts used to digitally "sign" the packages. 

While that won’t help you if you’re one of the 30,000 whose Mac already has the malware, Red Canary has helpfully included a guide for signs to look out for

This is the second piece of in-the-wild malware known to run natively on Apple's in-house M1 chip. The first, called GoSearch 22, was discovered just last week. It's adware that hijacks browser search results, injects ads and might even steal data.

While it’s impossible to entirely protect your Mac from malicious software, you can make your Apple device as secure as possible by installing the best Mac antivirus software and using one of the best Mac VPNs.

Marc McLaren

As U.K. Editor in Chief on Tom’s Guide, Marc is responsible for the site’s U.K.-focused output as well as overseeing all gaming, streaming, audio, TV, entertainment and cameras coverage. He previously edited the tech website Stuff and also spent years on a music magazine, where his duties mainly involved spoiling other people’s fun. An avid photographer, Marc likes nothing better than taking pictures of very small things (bugs, his daughters) or very big things (distant galaxies).