Apple takes steps to prevent the spread of ‘Silver Sparrow’ malware on Macs

Over the weekend, we reported on the second known piece of malware compiled to run natively on M1 Macs. Named “Silver Sparrow”, the malicious package is said to leverage the macOS installer JavaScript API to execute suspicious commands. After watching the malware for more than a week, however, the security company Red Canary saw no final payload, so the exact threat to users remains a mystery.

However, Apple informed MacRumors that it has revoked the certificates for the developer accounts used to sign the packages, preventing additional Macs from becoming infected. Apple also reiterated that Red Canary found no evidence to suggest that the malware sent a malicious payload to Macs that were already infected.

For software downloaded outside the Mac App Store, Apple said it has “industry-leading” mechanisms to protect users by detecting malware and blocking it from running. Since February 2020, for example, Apple has required that all Mac software distributed with a Developer ID outside the Mac App Store be submitted to Apple’s notary service, an automated system that checks for malicious content and code-signing problems.

Malware targeting M1 Macs was simply compiled to run natively on the M1 chip’s Arm-based architecture, now that Intel-based Macs are slowly being phased out. For more details on “Silver Sparrow” malware, read our previous coverage.
