UPDATE: February 21, 2021, 11:27 pm EST This story was updated with an answer from Apple about the malware.
A new strain of malware has been detected on almost 30,000 Macs (so far), and with no malicious payload observed yet, security researchers have not been able to determine what it is for.
Researchers at Red Canary, the security operations company that first discovered the malware, named it “Silver Sparrow” (h/t Ars Technica). To date it has been detected in 153 countries, with the highest concentrations in the USA, Canada, the United Kingdom, Germany and France.
In a blog post published February 18, Red Canary explained that it had been tracking the malware for more than a week and that “neither we nor our research partners see a final payload, leaving the ultimate goal of Silver Sparrow’s activity a mystery.”
Although much about Silver Sparrow remains unclear, the security company was able to provide a few details:
“We found that many macOS threats are distributed through malicious ads as unique, independent installers in PKG or DMG form, masquerading as a legitimate application – like Adobe Flash Player – or as updates. In this case, however, the adversary distributed the malware in two separate packages: updater.pkg and update.pkg. Both versions use the same execution techniques, differing only in the compilation of the bystander binary.”
The researchers were also able to establish one more thing: there are two variants of this malware. One was compiled only for Intel-based Macs, while the other is a build that also runs natively on Apple’s new M1 chip.
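The first question a responder asks about such a sample is which architectures the Mach-O binary actually carries, since that decides whether it runs natively on an M1 Mac or only under Rosetta. The parser below is an added example, not code from Red Canary or from the article: it reads the universal (“fat”) header and the thin 64-bit Mach-O header as laid out in Apple’s mach-o/fat.h and mach-o/loader.h, and the two sample files it classifies are constructed inside the script (they are not Silver Sparrow bytes, and their slices are not page-aligned the way a real linker output would be).

```python
import struct
from typing import List

# Constants from mach-o/fat.h and mach-o/loader.h.
FAT_MAGIC = 0xCAFEBABE        # universal binary; fat header is big-endian
MH_MAGIC_64 = 0xFEEDFACF      # thin 64-bit Mach-O; header is native (little) endian on Intel/ARM64
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86_64 = 7 | CPU_ARCH_ABI64    # 0x01000007
CPU_TYPE_ARM64 = 12 | CPU_ARCH_ABI64    # 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def mach_o_architectures(data: bytes) -> List[str]:
    """Return the CPU architectures a Mach-O file can run on natively.

    Accepts a thin 64-bit Mach-O or a universal wrapper; raises ValueError
    for anything else so that junk is never silently classified.
    """
    if len(data) < 8:
        raise ValueError("too short to be Mach-O")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat_arch = struct.unpack(">I", data[4:8])[0]
        archs = []
        for i in range(nfat_arch):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (big-endian uint32 each)
            off = 8 + i * 20
            if off + 20 > len(data):
                raise ValueError("fat_arch table truncated")
            cputype, _sub, slice_off, slice_size, _align = struct.unpack(">IIIII", data[off:off + 20])
            if slice_off + slice_size > len(data):
                raise ValueError(f"fat slice {i} points outside the file")
            archs.append(CPU_NAMES.get(cputype, f"cputype 0x{cputype:08x}"))
        return archs
    if struct.unpack("<I", data[:4])[0] == MH_MAGIC_64:
        cputype = struct.unpack("<I", data[4:8])[0]   # mach_header_64.cputype
        return [CPU_NAMES.get(cputype, f"cputype 0x{cputype:08x}")]
    raise ValueError("not a Mach-O file")


def classify(data: bytes) -> str:
    """Collapse the architecture list into the triage answer an analyst wants."""
    archs = set(mach_o_architectures(data))
    if {"x86_64", "arm64"} <= archs:
        return "universal (Intel and Apple silicon)"
    if "arm64" in archs:
        return "Apple silicon only"
    if "x86_64" in archs:
        return "Intel only"
    return "other"


def is_mach_o(data: bytes) -> bool:
    try:
        mach_o_architectures(data)
        return True
    except ValueError:
        return False


# --- constructed sample files (hypothetical, not real malware bytes) ---
def _thin_header(cputype: int) -> bytes:
    # mach_header_64: magic, cputype, cpusubtype, filetype (2 = MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    return struct.pack("<8I", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)


def _fat_binary(slices: List[bytes]) -> bytes:
    header = struct.pack(">II", FAT_MAGIC, len(slices))
    table, body = b"", b""
    offset = 8 + 20 * len(slices)
    for s in slices:
        cputype = struct.unpack("<I", s[4:8])[0]
        table += struct.pack(">IIIII", cputype, 3, offset, len(s), 0)
        body += s
        offset += len(s)
    return header + table + body


INTEL_ONLY_SAMPLE = _thin_header(CPU_TYPE_X86_64)
UNIVERSAL_SAMPLE = _fat_binary([_thin_header(CPU_TYPE_X86_64), _thin_header(CPU_TYPE_ARM64)])

if __name__ == "__main__":
    for name, blob in (("intel-only", INTEL_ONLY_SAMPLE), ("universal", UNIVERSAL_SAMPLE)):
        print(f"{name}: {mach_o_architectures(blob)} -> {classify(blob)}")
```

On a Mac, `file sample` or `lipo -archs sample` gives the same answer; the point of the stand-alone parser is triage on a Linux sandbox or in a detection pipeline where the Apple tools are not available, and the bounds checks on the fat_arch table matter there because a hostile sample can carry an arbitrary nfat_arch or slice offset.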
Apple confirmed to Mashable that, after the malware was discovered, it revoked the certificates of the developer accounts used to sign the packages, so the packages can no longer be installed on additional Macs.
It is also worth noting that Silver Sparrow is only the second piece of malware found that was built to run on Apple’s own silicon. According to 9to5Mac, another piece of native M1 malware was identified in mid-February by security researcher and Objective-See founder Patrick Wardle.
Apple says it remains committed to protecting Macs: software downloaded from outside the Mac App Store is subject to technical mechanisms, including its notarization service, that detect malware and block it from running.
It was less than a year ago that Apple launched its line of Macs with the M1 chip, which includes the MacBook Air, MacBook Pro and Mac mini. With Apple’s own silicon, the new machines offer better battery life, faster performance and the ability to run iPhone and iPad applications.
Having reviewed both M1 MacBooks myself, I can attest to the huge improvements over Apple’s previous Intel models. But two different types of malware detected in the three months since the launch of the new line are still a little worrying.