A new piece of malware has been detected on almost 30,000 Macs (so far), and it appears that security types can’t quite pinpoint the malware’s motives.
Researchers over at Red Canary, a security operations firm where the malware was first discovered, have named it “Silver Sparrow” (h/t Ars Technica). As of now, it’s been detected in 153 countries, with a higher number of cases in the U.S., Canada, U.K, Germany, and France.
In a blog post, Red Canary explained how it’s been keeping an eye on the malware for over a week (as of Feb. 18) and “neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery.”
While a lot of things remain unclear about Silver Sparrow, the security firm was able to provide some details:
“We’ve found that many macOS threats are distributed through malicious advertisements as single, self-contained installers in PKG or DMG form, masquerading as a legitimate application—such as Adobe Flash Player—or as updates. In this case, however, the adversary distributed the malware in two distinct packages: updater.pkg and update.pkg. Both versions use the same techniques to execute, differing only in the compilation of the bystander binary.”
There’s also one more thing the researchers have been able to discover: There are two different types of this malware. One was built primarily for the Intel-powered Macs while the other is compiled specifically for Apple’s new M1 chipset.
It’s also worth noting that Silver Sparrow is actually the second piece of malware that’s been designed to run on Apple’s in-house chip. According to 9to5Mac, another malware was also found in mid-February by security researcher and founder of Objective-See, Patrick Wardle.
It’s been less than a year since Apple introduced its M1-powered Mac lineup, which includes the MacBook Air, MacBook Pro, and Mac Mini. With its own silicon, the new machines offer better battery life, faster performance, and the ability to run iPhone and iPad apps.
Having reviewed both M1 MacBooks myself, I can attest to the huge improvements over Apple’s earlier Intel models. But two different types of malware detected in the three months since the new line’s release is a bit concerning.
Hopefully, it’ll all be figured out sooner rather than later.