Silver Sparrow malware
Silver Sparrow malware

What is Silver Sparrow malware?

Silver Sparrow is a malicious program targeting Mac OS operating systems. There are two versions of this malware, the key difference being the targeted OS architecture. Silver Sparrow's activity has been observed in the United States, United Kingdom, Canada, France, and Germany.

One variant of Silver Sparrow is designed for Intel x86_64 system architecture, the other for this and M1 ARM64. The latter is relatively new and, as such, is targeted somewhat less. As mentioned, this piece of malicious software is intended to infect systems with other malware, however, at the time of research, it has not been observed injecting compromised devices with any payloads. Therefore, the specific goals of cyber criminals behind Silver Sparrow are unknown. Likewise, it is unclear what potential damage the malware can cause. Additionally, some aspects of Silver Sparrow make its code easily modifiable, which makes it a versatile threat.

Note that this malware uses Amazon AWS - a legitimate service provided by Amazon Inc. - for its malicious purposes. This increases Silver Sparrow's chances of proliferation, as Amazon AWS offers suitable conditions (e.g., resilient file distribution and content delivery, etc.).Malware capable of causing chain infections (i.e., backdoor functionalities) can infect devices with a wide variety of malicious programs. Furthermore, malware can have varied capabilities in different combinations. For example, Trojans can function as backdoors, allow remote access and control over the infected machine, download content stored on the system, extract content/information from browsers and other installed applications, spy on users (e.g., monitor keystrokes, record/live-stream video and audio, take screenshots, etc.), and so on.

Ransomware operates by encrypting stored data and/or locking the device's screen for ransom purposes. Crytominers use system resources (potentially to the point of system failure) to mine cryptocurrency. To summarize, Silver Sparrow can cause multiple system infections and lead to severe privacy issues, data loss, device damage, financial losses, and identity theft. If it is suspected/known that Silver Sparrow (or other malware) has already infected the system, use anti-virus software to remove it immediately.

the Electorate, OSAMiner, Eleanor, and XCSSET are some examples of other Mac malware. This malicious software can have an array of dangerous functionality, which can pose a correspondingly broad range of serious problems. The sole purpose of this software is to generate profit at users' expense. Regardless of how the malware operates, it is highly dangerous. To ensure device integrity and user safety, it is crucial to eliminate all threats immediately upon detection.

How did Silver Sparrow infiltrate my computer?

The exact method used to spread Silver Sparrow is unknown. Typically, malicious programs are proliferated through untrustworthy download channels (e.g., unofficial and free file-hosting websites, Peer-to-Peer sharing networks, and other third-party downloaders), and illegal activation tools ("cracks"), fake updaters, and spam campaigns. Malware (including ransomware) is usually distributed via malspam campaigns, unofficial software activation ('cracking') tools, Trojans, dubious file/software download sources, and fake software updating tools.

When cyber criminals attempt to distribute malware via malspam campaigns, they send emails that contain malicious attachments or download links for malicious files. Typically, they disguise their emails as official and important. If recipients open the attached file (or a file downloaded via a website link), they cause the installation of malicious software. Cybercriminals commonly attach executable files (.exe), archive files such as RAR, ZIP, PDF documents, JavaScript files, and Microsoft Office documents to their emails. Software 'cracking' tools supposedly activate licensed software illegally (bypass activation), however, they often install malicious programs and do not activate any legitimately installed software. Trojans are other rogue programs that can cause chain infections. I.e., when a Trojan is installed on the operating system, it can install additional malware. Free file hosting websites, freeware download websites, Peer-to-Peer networks (e.g., torrent clients, eMule), unofficial websites, and third-party downloaders are examples of other sources that are used to distribute malware. Cybercriminals disguise malicious files as legitimate and regular. When users download and open them, they inadvertently infect their computers with malware. Fake software updating tools install malicious software rather than updates/fixes for installed programs, or they exploit bugs/flaws of outdated software that is installed on the operating system.

How to avoid installation of malware

Do not trust irrelevant emails that have files attached (or contain website links) and are received from unknown, suspicious addresses. Software should not be downloaded or installed through third-party downloaders, installers, unofficial pages, or other similar sources/tools. Use only official websites and direct links. Installed software should never be updated or activated with third-party, unofficial tools since they can install malware. Furthermore, it is illegal to use third-party tools to activate licensed software. The only legitimate way to update and activate the software is to use tools and functions that are provided by the official developers. Regularly scan your computer with reputable antivirus or anti-spyware software and keep this software up to date.

If your computer is already infected with malware, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them. Screenshot of VirusTotal detections of the installer distributing the second version of Silver Sparrow malware.

Update 2 March 2021 - It is likely that Silver Sparrow infects computers via adware or advertisements, and third-party offers during the installation processes of certain programs. It is known that the purpose of Silver Sparrow is to infect computers with additional malware, but the payload is still unknown whatever it is, it cannot be configured because the configuration file is hosted in AWS S3. Note also that Silver Sparrow uninstalls itself once the "~/Library/._insu" file appears in the system. It is likely that this file is generated when there is nothing more to gain from the infected machine.