California Governor Gavin Newsom Launches Review Into Alleged TikTok Content Suppression After U.S. Ownership Deal 
Alibaba-Backed Moonshot AI Unveils Kimi K2.5 to Challenge China’s AI Rivals 
Meta Faces Lawsuit Over Alleged Approval of AI Chatbots Allowing Sexual Interactions With Minors 
Apple Faces Margin Pressure as Memory Chip Prices Surge Amid AI Boom 
C3.ai in Merger Talks With Automation Anywhere as AI Software Industry Sees Consolidation 
ASML’s EUV Lithography Machines Power Europe’s Most Valuable Tech Company 
Amazon Stock Dips as Reports Link Company to Potential $50B OpenAI Investment 
Rewardy Wallet and 1inch Collaborate to Simplify Multi-Chain DeFi Swaps with Native Token Gas Payments 
Micron to Expand Memory Chip Manufacturing Capacity in Singapore Amid Global Shortage 
Elon Musk’s SpaceX Explores Merger Options With Tesla or xAI, Reports Say 
Meta Stock Surges After Q4 2025 Earnings Beat and Strong Q1 2026 Revenue Outlook Despite Higher Capex 
ASML’s EUV Monopoly Powers the Global AI Chip Boom 
Anthropic Raises 2026 Revenue Outlook by 20% but Delays Path to Profitability 
SoftBank Shares Surge as It Eyes Up to $30 Billion New Investment in OpenAI 
Pentagon and Anthropic Clash Over AI Safeguards in National Security Use 
Sandisk Stock Soars After Blowout Earnings and AI-Driven Outlook 
Apple Earnings Beat Expectations as iPhone Sales Surge to Four-Year High 
Security researchers have recently identified a second version of a malware that has infected thousands of Apple Mac computers around the world. Despite learning that nearly 30,000 devices have been affected, experts are still trying to figure out the attacker’s ultimate goal.
macOS malware has several mysterious characteristics
The malware, which Red Canary researchers have dubbed Silver Sparrow, has two versions with Mach object binaries for Intel-based (x86_64) Mac computers and M1-powered devices. Per data collected by Malwarebytes, as of last Feb. 17, the Silver Sparrow has affected 29,139 macOS devices in 153 countries. Most infected computers are reportedly located in the United States, Canada, the United Kingdom, France, and Germany.
The recently discovered malware strain uses LaunchAgent for persistently contacting a remote host, which the security researchers say is normal for macOS adware. However, what is bizarre is that the malware JavaScript to execute commands.
Several other factors make the macOS malware even more bizarre. Researchers have studied the malware for more than a week and learned that, in every hour, it is checking for new content and command to execute.
However, the researchers have not found the final payload. The Silver Sparrow binaries are not doing much at this point, leading to its moniker “bystander binaries.” The researchers, however, pointed out that when the Intel x86_64 binaries are executed, they display the message, “Hello World!” The Apple Silicon M1 binaries, on the other hand, show the text, “You did it!” Red Canary believes these are just placeholders.
Silver Sparrow is still a ‘serious threat’ despite unknown goals
The mystery surrounding the Silver Sparrow malware does not lessen its potential threat. “Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat,” Red Canary said. With the mechanisms the malware has in place, cybersecurity experts believe it has the capacity “to deliver a potentially impactful payload at a moment’s notice.”
When researchers say this malware is mature, it refers to the fact that it is hosted on Amazon Web Services and Akamai. This means it can deliver content and commands well. Another unusual characteristic of the Silver Sparrow is that it is equipped with a self-destruct file check. The macOS malware has the ability to remove all persistent tasks and scripts by itself.
Red Canary’s blog post also offers ways to find indicators if a Mac computer has been infected by Silver Sparrow. Meanwhile, Apple confirmed that certificates for the developers involved in the spread of the malware packages have been disabled.
Featured Photo by Emile Perron on Unsplash
