Malware infects 30,000 Macs, including M1 MacBooks — what to do now


Mysterious new malware has been detected on nearly 30,000 Mac devices, including those that run on the new Apple M1 chip.

The so-called Silver Sparrow malware was discovered by researchers at security firm Red Canary, who said that it poses “a reasonably serious threat” due to its “forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity.” Basically, it's bad news for Macs old and new.

The malware comes in two forms: one is targeted at older Intel Macs and the other is aimed both at Intel-based Macs and at new devices running on Apple’s new M1 chip, such as the MacBook Air with M1 and MacBook Pro with M1. The second version is a "fat" binary that will adapt to either kind of chip.
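To make the "fat" binary idea concrete, here is an added triage example (not code from the article or from Red Canary) that reads a Mach-O header and lists the CPU architectures it carries, which is how an analyst tells an Intel-only sample from one that also runs natively on M1. The magic numbers and CPU type values are the ones defined in Apple's Mach-O headers; the function names and the sample byte strings are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE      # universal ("fat") header, big-endian on disk
FAT_MAGIC_64 = 0xCAFEBABF   # same, with 64-bit slice offsets and sizes
# Thin Mach-O magics as they appear on disk, mapped to their byte order.
THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "<", b"\xfe\xed\xfa\xcf": ">",
               b"\xce\xfa\xed\xfe": "<", b"\xfe\xed\xfa\xce": ">"}
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
# Java .class files also start with 0xCAFEBABE; there the next four bytes
# hold the class-file version (45 or higher), so a small cap filters them out.
MAX_SLICES = 16


def macho_architectures(data: bytes) -> list[str]:
    """Return the CPU architectures in a Mach-O image, or [] if it is not one."""
    if len(data) < 8:
        return []
    if data[:4] in THIN_MAGICS:          # single-architecture binary
        (cputype,) = struct.unpack_from(THIN_MAGICS[data[:4]] + "I", data, 4)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    magic, count = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64) or not 0 < count <= MAX_SLICES:
        return []
    # Each entry: cputype, cpusubtype, offset, size, align (+ reserved in 64-bit form)
    entry = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    step = struct.calcsize(entry)
    if len(data) < 8 + count * step:
        return []                        # truncated architecture table
    return [CPU_NAMES.get(struct.unpack_from(entry, data, 8 + i * step)[0], "unknown")
            for i in range(count)]


def runs_natively_on_m1(data: bytes) -> bool:
    return "arm64" in macho_architectures(data)


# Constructed sample headers (not taken from any real file).
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x1000, 14)
              + struct.pack(">IIIII", 0x0100000C, 0, 0x8000, 0x1000, 14))
SAMPLE_INTEL_ONLY = b"\xcf\xfa\xed\xfe" + struct.pack("<II", 0x01000007, 3)
SAMPLE_JAVA_CLASS = bytes.fromhex("cafebabe00000034")

if __name__ == "__main__":
    for name in ("SAMPLE_FAT", "SAMPLE_INTEL_ONLY", "SAMPLE_JAVA_CLASS"):
        print(name, macho_architectures(globals()[name]))
```
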

However, it is not yet clear what Silver Sparrow’s purpose actually is. The researchers have yet to see it deliver a malicious payload to any of the infected machines — there does not appear to be one in the malware's code — and instead say it appears to be waiting for further instructions. 

“We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution,” said intelligence analyst Tony Lambert in a Red Canary blog post last week.

Nor is it clear how the machines were infected, although the researchers explained they suspect it was via malicious search engine results that directed victims to download specific malicious PKG files.

"We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application — such as Adobe Flash Player — or as updates," the researchers said. "In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg."

What we do know is that it has already been discovered in 153 countries, with the highest numbers in the U.S., U.K., Canada, France, and Germany. 

For the moment, the Intel-only version of the malware will do one thing: display the message, "Hello, world!" The "fat" binary that runs on both Intel and M1 chips announces, "You did it!"

How to protect your Mac from Silver Sparrow malware

The good news is that Apple has taken action to prevent new infections, confirming to Mashable that it has retracted the certificates of the developer accounts used to digitally "sign" the packages.

While that won’t help you if you’re one of the 30,000 whose Mac already has the malware, Red Canary has helpfully included a guide to the signs to look out for.

This is the second piece of in-the-wild malware known to run natively on Apple's in-house M1 chip. The first, called GoSearch 22, was discovered just last week. It's adware that hijacks browser search results, injects ads and might even steal data.

While it’s impossible to entirely protect your Mac from malicious software, you can make your Apple device as secure as possible by installing the best Mac antivirus software and using one of the best Mac VPNs.

Marc McLaren