Apple has taken steps to prevent Mac malware known as Silver Sparrow from spreading. What made the malware stand out was that it runs natively on the M1 chip.
Apple has revoked the security certificates of the developer accounts that were used to sign the packages, preventing them from being installed on additional Macs.
As we reported over the weekend, this malware has proven to be confusing to security researchers for several reasons. Silver Sparrow forces infected Macs to check a control server once an hour, and it includes a self-destruct mechanism, but researchers have yet to actually observe its malicious intent.
Apple reportedly told MacRumors that several steps are being taken to prevent the Silver Sparrow malware from spreading further. The company revoked the certificates of the developer accounts that were used to sign the packages, which prevents the attackers from infecting additional Mac users.
Apple also reiterated that Silver Sparrow has not yet been observed deploying a malicious payload and that, for any software downloaded outside of the Mac App Store, it provides “industry-leading” protection for users. For example, Apple requires that all software be notarized, regardless of whether it was downloaded from the App Store or elsewhere.
One interesting aspect of Silver Sparrow is that it runs natively on Apple’s M1 chip. This does not mean that it specifically targets M1 Macs, but rather that the malware can affect M1 Macs and Intel Macs alike. We assume that most macOS malware programs will be optimized for Apple Silicon in the future as Apple continues to move away from Intel.