
Silver Sparrow: Why Macs Need Endpoint Protection

By Chad Calease | February 22, 2021
Chad is the cyber resilience lead at Ntiva, focused on eliminating preventable risk and loss to businesses from cybercrime.

It's time for a new round of novel malware to match the shiny, new M1 architecture, so sing along with me, "Weeeeeeee!!!"

Seriously, though, some perspective: let's get to the emotional center of this.

There's a lot that's still unknown about Silver Sparrow, the latest celebrity in macOS malware.

While our endpoint-protection tool of choice, the one we recommend to all our clients (full disclosure: it's Malwarebytes), is hot on the case, they've certainly got their work cut out for them this time.

While it was once true that "Macs don't need antivirus," that's no longer true and we're working hard to change that misconception!

While it's also true the security industry media loves to sell us FUD (Fear, Uncertainty, and Doubt) because it's good for business and clicks, this bit of hyperbole is worth taking with a more balanced view because it does present some new territory — is that a theme for like the next decade already?

What Do We Know About Silver Sparrow Malware

Silver Sparrow makes it hard for us to learn how it infects machines, and it's weird because it also doesn't appear to be doing anything nasty. Yet. It's all set up to do, well, just about anything.

It's been proposed that infection requires a user action, such as clicking on something, to execute it. More tricks.

The truth is, no one knows what it's all about or what its purpose is yet. Could it be a new payload delivery mechanism for advanced adware and gateways to ransomware attacks? Could be.

Time will tell as our pals, the security researchers, sleuth this one out. What would we do without those smart people at Malwarebytes, Objective-See, and Red Canary? Big shout-outs to all of them for their research and insights.

How To Detect Silver Sparrow

The currently known detection tactics involve searching for these IoCs, or Indicators of Compromise (hat tip to the team at Red Canary): https://redcanary.com/blog/clipping-silver-sparrows-wings/

For now, we haven't seen any indication of these, but you can be sure we're watching this topic closely as it's likely to change pretty quickly, especially as more and more of the new M1 chips come online.

As things evolve, you can be sure we'll keep you up-to-date alongside any mitigation efforts.

This is precisely why Macs need endpoint protection - get in touch! We'd love to help you protect your Apple fleet.

Update (2021-02-23): Malwarebytes shared all their intel on Silver Sparrow so far today: https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/

Meanwhile, we hope you're staying positive and testing negative.
