There is a popular stereotype that Apple computers are largely immune to malware. This is not only incorrect, but it looks like sophisticated hackers may be playing around with the idea of a robbery or falling disgusting enough to cover their tracks. How Ars Technica reports, security researchers from Malwarebytes and Red Canary have discovered a mysterious piece of malware hidden in some 30,000 Macs, one designed to deliver a cargo still unknown and with a self-destruct mechanism that can remove any traces of what already existed. They are calling it Silver Sparrow.
Red Canary’s own blog post gives more details, including how they discovered several versions targeted not only at Intel, but also at the latest Macs based on Apple’s own M1 chip – which is quite a lot considering how Apple’s M1 computers are new and as few vulnerabilities have been discovered yet. It was literally just a week ago that Objective-See security researcher Patrick Wardle published a story about the first malware discovered targeting Apple’s Silicon, and now we have two.
Fortunately, Silver Sparrow was no able to cover its tracks before being discovered, there is no indication that it was used to cause any damage, and Red Canary writes that Apple has already revoked the binaries (which theoretically should have prevented you from installing it accidentally). But the damage to the idea that could have been done is not theoretical: they actually found these strains of malware on Macs at large.
Given all of this, Silver Sparrow is uniquely positioned to deliver a potentially impactful payload at any time, so we wanted to share everything we know with the broader infosec community, sooner or later.
– Red Canary (@redcanary) February 19, 2021
The researchers warn that the transition from Apple from Intel to its own silicon could make it easier for other malefactors to slip malware through the cracks as well: you can read quotes from several of them in this Wired story.