UPDATE: Feb. 21, 2021, 11:27 PM EST This story has been updated with a response from Apple about the malware.
A new piece of malware has been detected on nearly 30,000 Macs (so far), and with no evidence of a malicious payload, security researchers cannot yet fully identify the malware’s motives.
Researchers at Red Canary, the security company where the malware was first discovered, have dubbed it “Silver Sparrow” (h/t Ars Technica). As of now, it has been detected in 153 countries, with a higher rate of cases in the US, Canada, UK, Germany, and France.
In a blog post, Red Canary explained how it has been monitoring the malware for over a week (as of Feb. 18) and “neither we nor our research partners saw a final payload, making the ultimate goal of Silver Sparrow activity a mystery.”
While much is still unclear about Silver Sparrow, the security company was able to provide some details:
“We have discovered that many macOS threats are distributed via malicious ads as single, independent installers in PKG or DMG form, disguised as a legitimate application, such as Adobe Flash Player, or as updates. In this case, however, the adversary has divided the malware into two different packages: updater.pkg and update.pkg. Both versions use the same techniques to run, but differ only in the compilation of the bystander binary.”
There is one more thing the researchers have been able to discover: there are two different types of this malware. One is built primarily for Intel-powered Macs, while the other is compiled specifically for Apple’s new M1 chip.
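Telling an Intel build from an Apple silicon build is a matter of reading the Mach-O header, so the following added example (written for this page, not code from the article or from Red Canary) parses a file's Mach-O magic and CPU-type fields and reports whether it targets x86_64, arm64, or both (a universal, or "fat", binary). It goes slightly beyond the article by handling the fat-header case as well as thin binaries. The sample inputs are constructed byte strings with the correct header layout, not real malware; the constants come from Apple's `<mach-o/loader.h>`, `<mach-o/fat.h>` and `<mach/machine.h>`.

```python
"""Classify a Mach-O file by the CPU architecture(s) it was compiled for.

Added triage helper, not part of the article. Reads only the headers, so it
works on any host without macOS tooling.
"""
import struct
from typing import List

# Magic numbers (see <mach-o/fat.h> and <mach-o/loader.h>)
FAT_MAGIC = 0xCAFEBABE      # fat/universal header, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit thin Mach-O, stored little-endian on disk
MH_MAGIC = 0xFEEDFACE       # 32-bit thin Mach-O

# CPU types (see <mach/machine.h>)
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}

FAT_ARCH_SIZE = 20  # struct fat_arch: cputype, cpusubtype, offset, size, align


def mach_o_archs(data: bytes) -> List[str]:
    """Return the architecture names found in a thin or fat Mach-O blob."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")

    # Fat header: big-endian magic followed by nfat_arch and fat_arch entries.
    # (Java class files share this magic; a real tool would check further.)
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        archs = []
        for i in range(nfat):
            off = 8 + i * FAT_ARCH_SIZE
            if off + FAT_ARCH_SIZE > len(data):
                raise ValueError("truncated fat_arch table")
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype))
        return archs

    # Thin Mach-O: little-endian magic, then cputype as the next uint32.
    if struct.unpack("<I", data[:4])[0] in (MH_MAGIC_64, MH_MAGIC):
        cputype = struct.unpack("<I", data[4:8])[0]
        return [CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)]

    raise ValueError("not a Mach-O file")


def classify(data: bytes) -> str:
    """Map the architecture list onto the Intel / Apple silicon distinction."""
    archs = set(mach_o_archs(data))
    if {"x86_64", "arm64"} <= archs:
        return "universal (Intel + Apple silicon)"
    if "arm64" in archs:
        return "Apple silicon only"
    if "x86_64" in archs:
        return "Intel only"
    return "other"


# Constructed sample headers (no code, just the fields the parser reads).
SAMPLE_THIN_ARM64 = struct.pack("<II", MH_MAGIC_64, CPU_TYPE_ARM64) + b"\0" * 24
SAMPLE_THIN_X86 = struct.pack("<II", MH_MAGIC_64, CPU_TYPE_X86_64) + b"\0" * 24
SAMPLE_FAT = (
    struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0x1000, 0x100, 12)
    + struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0x2000, 0x100, 14)
)

if __name__ == "__main__":
    for name, blob in [("thin arm64", SAMPLE_THIN_ARM64),
                       ("thin x86_64", SAMPLE_THIN_X86),
                       ("fat", SAMPLE_FAT)]:
        print(name, "->", mach_o_archs(blob), "=", classify(blob))
```

To run it against a real file, pass the first few hundred bytes of a binary extracted from a package (for example via `open(path, "rb").read(4096)`) to `classify`; only the header region is inspected.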
Apple has confirmed to Mashable that after discovering the malware, it has since revoked the certificates of the developer accounts used to sign the packages. This prevents new Macs from being infected.
But it’s also worth noting that Silver Sparrow is actually the second piece of malware designed to run on Apple’s own silicon. According to 9to5Mac, another piece of malware was found in mid-February by security researcher Patrick Wardle, founder of Objective-See.
But the company is steadfast in its commitment to security when it comes to protecting Macs. Apple says all software downloaded outside of the Mac App Store is subject to technical mechanisms (including the Notary Service) that detect malware and block it from executing.
It has only been a year since Apple introduced its M1-powered Mac series, including the MacBook Air, MacBook Pro and Mac Mini. With their proprietary silicon, the new machines offer better battery life, faster performance and the ability to run iPhone and iPad apps.
Having reviewed both M1 MacBooks myself, I can attest to the massive improvements over Apple’s previous Intel models. But two different types of malware detected in the three months since the release of the new line is still a bit concerning.