New malware 'Silver Sparrow' is targeting both Intel and M1 Macs

Nearly 30,000 Macs (and counting?) have been infected.
By Brenda Stolyar
Dubbed "Silver Sparrow," the malware impacts both Intel and M1-powered Macs. Credit: zlata ivleva / mashable

UPDATE: Feb. 21, 2021, 11:27 p.m. EST This story has been updated with a response from Apple regarding the malware.

A new piece of malware has been detected on almost 30,000 Macs (so far) and, with no evidence yet of a harmful payload, it appears that security types can't quite pinpoint the malware's motives.

Researchers over at Red Canary, a security operations firm where the malware was first discovered, have named it "Silver Sparrow" (h/t Ars Technica). As of now, it's been detected in 153 countries, with a higher number of cases in the U.S., Canada, U.K., Germany, and France.

In a blog post, Red Canary explained how it's been keeping an eye on the malware for over a week (as of Feb. 18) and "neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery."

While a lot of things remain unclear about Silver Sparrow, the security firm was able to provide some details:

"We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates. In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg. Both versions use the same techniques to execute, differing only in the compilation of the bystander binary."

There's also one more thing the researchers have been able to discover: There are two different types of this malware. One was built primarily for the Intel-powered Macs while the other is compiled specifically for Apple's new M1 chipset.

Apple has confirmed to Mashable that after discovering the malware, it has since revoked the certificates of the developer accounts used to sign the packages. So, new Macs are prevented from being infected.

But it's also worth noting that Silver Sparrow is actually the second piece of malware that's been designed to run on Apple's in-house chip. According to 9to5Mac, another piece of malware was also found in mid-February by security researcher and founder of Objective-See, Patrick Wardle.

But the company stands by its commitment to safety when it comes to protecting Macs. Apple says that for any software downloaded outside of the Mac App Store, it uses technical mechanisms (including its notary service) to detect malware and then block it so that it can't run.

It's been less than a year since Apple introduced its M1-powered Mac lineup, which includes the MacBook Air, MacBook Pro, and Mac Mini. With its own silicon, the new machines offer better battery life, faster performance, and the ability to run iPhone and iPad apps.

Having reviewed both M1 MacBooks myself, I can attest to the huge improvements over Apple's earlier Intel models. But two different types of malware detected in the three months since the new line's release is still a bit concerning.
