Mac Malware On 30,000 Computers Seem To Be Doing Nothing Yet
The Mac isn't exactly impervious to malware, as evidenced by ransomware and adware reports in the past years. The popularity of the Apple M1 Silicon has even made it a bigger target for hackers these days. There has now been at least two reported malware designed to run specifically on Apple's latest and most powerful chip and this second, codenamed Silver Sparrow, has security experts perplexed and fearful because of its potential to do serious damage.
There are some factors that make this relatively young malware unique, mind-boggling, and frightening. The fact that it has infected almost 30,000 Macs, both running on Apple M1 and Intel x86_64 chips is already a worrying matter. It also specifically targets M1 Macs natively, infecting x86 Macs through translation only, at a time when legit app developers are still stumbling to port their existing apps to the ARM-based platform.
The malware's behavior is what's raising red flags. At the moment, all it does is check a remote control server to download payload that still doesn't exist. According to security researchers at Red Canary, this suggests that it is only waiting for conditions to be met before it fully activates and wreaks havoc on Macs.
The way Silver Sparrow infects and hides is also a point of concern. It uses macOS' own Installer Javascript features to execute commands, making it hard to study the malware. It also has some self-destruct capabilities that haven't been used yet, suggesting it might be designed for some deep undercover work that requires avoiding detection at all costs. It ironically even uses AWS and Akamai to be distributed, which makes blocking source servers actually more difficult.
Silver Sparrow sounds like a sleeper malware waiting to be activated at a moment's notice. Despite its seemingly harmless behavior, security researchers are worried it is a massive disaster waiting to happen and, unfortunately, they aren't saying how to remove the malware yet.