Security researchers have detected a new strain of malware on roughly 30,000 Apple Macs, a number that is likely to increase. According to researchers at Red Canary (via Ars Technica), the malware, named Silver Sparrow, has been detected in 153 countries, with a higher number of cases in the US, Canada, the UK, Germany, and France. The security firm says that as of February 18, no payload had been observed, meaning that hackers have not yet used the malware to hack into Apple Macs. The malware reportedly comes in two different types: one designed for Intel-powered Macs and the other compiled specifically for Apple's new M1 chipset.
Elaborating on the seriousness of Silver Sparrow on Apple Macs, Red Canary researchers note in a blog post that the malware's compatibility with the Apple M1 chipset, global reach, relatively high infection rate, and operational maturity suggest that it is positioned to deliver a potentially impactful payload. It is also said to contain self-destruct capabilities. "Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later," the researchers added.
Silver Sparrow is a cluster of activity that includes a binary compiled to run on Apple’s new M1 chips but lacks one very important feature: a malicious payload. https://t.co/R0Iq5uBS4A #RCintel — Red Canary (@redcanary) February 19, 2021
Though Silver Sparrow was detected on 30,000 Macs, its origin remains unclear. Because no payload has been detected either, the purpose of the malware also remains unknown, and researchers don't know what its final goal is.
Notably, just weeks ago, the first malware for the new M1-powered Apple Mac came to light. The discovery came from the founder of Objective-See, Patrick Wardle, who found the new malware in the wild in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December 2020. Pirrit is one of the oldest and most active Mac adware families and has been known to change constantly in an attempt to evade detection, so, unsurprisingly, it has already begun adapting for the M1.
Meanwhile, Apple has told Mashable that the company revoked the certificates of the developer accounts used to sign the packages. "So, new Macs are prevented from being infected," the report citing Apple adds.