New malware “Silver Sparrow” targets Intel and M1 Macs

UPDATE: 21 February 2021, 23:27 EST: This story has been updated with a response from Apple regarding the malware.

A new piece of malware has been detected on nearly 30,000 Macs (so far), and with no evidence of a harmful payload, security researchers have been unable to determine what the malware is for.

Researchers at Red Canary, the security firm where the malware was first discovered, call it “Silver Sparrow” (via Ars Technica). As of now, it has been detected in 153 countries, with higher numbers of cases in the US, Canada, the United Kingdom, Germany and France.

In a blog post, Red Canary explained how it monitored the malware for more than a week (starting February 18) and “neither we, nor our research partners observed a final payload, which left the ultimate goal of Silver Sparrow activity a mystery.”

Although many things remain unclear about Silver Sparrow, the security firm was able to provide details:

“We have found that many macOS threats are widespread malicious ads as single, stand-alone installers in PKG or DMG form, presented as a legitimate application – such as Adobe Flash Player – or as updates. In this case, however, the adversary has spread the malware in two different packages: updater.pkg and update.pkg. Both versions use the same techniques to perform, and differ only in the composition of the bystander binary.”

The researchers also found that the malware comes in two different versions. One was built primarily for Intel-powered Macs, while the other was put together specifically for Apple’s new M1 chipset.

Apple confirmed to Mashable that, since the malware was discovered, it has revoked the developer account certificates used to sign the packages. This prevents new Macs from becoming infected.

It is also noteworthy that Silver Sparrow is actually the second piece of malware designed to work on Apple’s in-house chip. According to 9to5Mac, another piece of malware was found in mid-February by Patrick Wardle, security researcher and founder of Objective-See.

The company nonetheless stands by its commitment to security when it comes to protecting Macs. Apple states that, for any software downloaded outside of the Mac App Store, it uses technical mechanisms (including the notary service) to detect malware and then block it from running.

It has been less than a year since Apple launched its M1-powered Mac series, which includes the MacBook Air, MacBook Pro and Mac Mini. With Apple’s own silicon, the new machines offer better battery life, faster performance and the ability to use iPhone and iPad applications.

After checking both M1 MacBooks myself, I can attest to the huge improvements over Apple’s earlier Intel models. But two different types of malware detected in the three months since the release of the new line are still a bit of a concern.
