M1 Macs Targeted by Additional Malware, Exact Threat Remains a Mystery

The second known piece of malware that has been compiled to run natively on M1 Macs has been discovered by security firm Red Canary.

m1 mac mini screen


Given the name “Silver Sparrow,” the malicious package is said to leverage the macOS Installer JavaScript API to execute suspicious commands. After observing the malware for over a week, however, neither Red Canary nor its research partners observed a final payload, so the exact threat that the malware poses remains a mystery.

Nevertheless, Red Canary said the malware could be “a reasonably serious threat”:

Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.

According to data provided by Malwarebytes, “Silver Sparrow” had infected 29,139 macOS systems across 153 countries as of February 17, including “high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.” Red Canary did not specify how many of these systems were M1 Macs, if any.

Given that the “Silver Sparrow” binaries “don’t seem to do all that much” yet, Red Canary referred to them as “bystander binaries.” When executed on Intel-based Macs, the malicious package simply shows a blank window with a “Hello, World!” message, while the Apple silicon binary leads to a red window that says “You did it!”

you did it silver sparrow


The first piece of malware capable of running natively on M1 Macs was discovered just days ago. Technical details about this second piece of malware can be found in Red Canary’s blog post, and Ars Technica has a good explainer as well.

Leave a Reply

Your email address will not be published. Required fields are marked *