It's time for a new round of novel malware to match the shiny, new M1 architecture, so sing along with me, "Weeeeeeee!!!"
Seriously, though, some perspective: let's get to the emotional center of this. There's a lot that's still unknown about Silver Sparrow, the latest celebrity in macOS malware. While our endpoint-protection tool of choice, the one we recommend to all our clients (full disclosure: it's Malwarebytes), is hot on the case, they've certainly got their work cut out for them this time.
While it's true the security industry media loves to sell us FUD (Fear, Uncertainty, and Doubt) because it's good for business and clicks, this bit of hyperbole is worth taking with a more balanced view because it does present some new territory — is that a theme for like the next decade already?
Silver Sparrow makes it hard for us to learn how it infects machines, and it's weird because it also doesn't appear to be doing anything nasty. Yet. It's all set up to do, well, just about anything. It's been proposed that infection requires a user action, such as clicking on something, to execute it. More tricks.
The truth is, no one knows what it's all about or what its purpose is yet. Could it be a new payload delivery mechanism for advanced adware and gateways to ransomware attacks? Could be.
Time will tell as our pals, the security researchers, sleuth this one out. What would we do without those smart people at Malwarebytes, Objective-See, and Red Canary? Big shout-outs to all of them for their research and insights.
Meanwhile, you can count on us to be watching this topic closely, as it's likely to change, and fast.
The currently known detection tactics involve searching for these IoCs, or Indicators of Compromise (hat tip to the team at Red Canary): https://redcanary.com/blog/clipping-silver-sparrows-wings/
For now, we haven't seen any indication of these, but you can be sure we're watching this topic closely as it's likely to change pretty quickly, especially as more and more of the new M1 chips come online. As things evolve, you can be sure we'll keep you up-to-date alongside any mitigation efforts.
As ever, if you have any questions or concerns, you are encouraged to reach out to us: firstname.lastname@example.org
Meanwhile, we hope you're staying positive and testing negative.