On February 18th, Red Canary working with MalwareBytes broke the news that they had discovered a latent malware infection is as many as 30,000 Macs. They posted a detailed analysis online and dubbed this new threat Silver Sparrow.
What makes Silver Sparrow so interesting is that while the malware had the capability to do real damage, its final payload was never executed by its authors and operators. It is also one of the first variants of Mac malware in the wild that was compiled to run natively on Macs with Apple Silicon.
This Malware is already well-detected by commodity anti-virus solutions, and Apple has done its part to help stop the spread by revoking the development certificate used to sign the malicious installer.
While Kolide isn't intended to be used as a comprehensive malware detection platform, we often as a courtesy hunt for prolific threats on behalf of our customers. Based on the information we have today, it appears no Kolide customers have been infected by this malware.
Even so, out of an abundance of caution, Kolide has developed a simple Check to look for this malware and deployed it to each of our customers.
Please let us know if you have any follow-up questions or concerns about Silver Sparrow, malware, or the Checks feature of Kolide.