UPDATE: February 21, 2021, 11:27 PM EST This story has been updated with a response from Apple regarding the malware.
A new piece of malware has been discovered on nearly 30,000 Macs (so far), and with no evidence yet of a harmful payload, security types cannot fully pin down the malware's motives.
Researchers at Red Canary, a security operations company where the malware was first discovered, have called it “Silver Sparrow” (h/t Ars Technica). As of now, it has been detected in 153 countries, with a higher number of cases in the United States, Canada, the United Kingdom, Germany and France.
In a blog post, Red Canary explained how it has been monitoring the malware for over a week (starting February 1
While many things are still unclear about Silver Sparrow, the security firm was able to provide some details:
“We have found that many macOS threats are distributed through malicious ads as single, independent installers in PKG or DMG form, disguised as a legitimate application – such as Adobe Flash Player – or as updates. In this case, however, the other party distributed malicious software in two different packages: updater.pkg and update.pkg. Both versions use the same techniques to perform, and differ only in the collection of the bystander binary.”
There is one other thing researchers have been able to determine: there are two different versions of this malware. One was built primarily for Intel-powered Macs, while the other is compiled specifically for Apple’s new M1 chipset.
Apple has confirmed to Mashable that, after the malware was detected, the certificates of the developer accounts used to sign the packages were revoked, so new Macs are prevented from becoming infected.
It is also worth noting that Silver Sparrow is actually the second piece of malware designed to run on Apple’s in-house chip. According to 9to5Mac, another piece of malware was found in mid-February by security researcher and Objective-See founder Patrick Wardle.
But the company stands by its commitment to security when it comes to protecting Macs. Apple states that for any software downloaded outside of the Mac App Store, it uses technical mechanisms (including the notary service) to detect malicious software and then block it from running.
It has been less than a year since Apple introduced its M1-powered Mac series, which includes the MacBook Air, MacBook Pro and Mac Mini. With Apple's own silicon, the new machines provide better battery life, faster performance and the ability to run iPhone and iPad apps.
After reviewing both M1 MacBooks myself, I can attest to the huge improvements over Apple’s previous Intel models. But two different types of malware detected during the three months since the launch of the new line are still a bit worrying.