It looks like attackers are interested in targeting M1 Macs and are actively working to infect them in different ways. A previously undiscovered piece of malware has now been found on nearly 30,000 Macs worldwide. The number is not huge, but the fact that the malware went undetected on those devices shows how serious the problem is. The malware is also said to have self-destruct capabilities normally found in “high stealth operations,” as reported by Ars Technica.
The report adds that researchers have not yet observed the delivery of a payload on any of the roughly 30,000 infected machines. With no payload observed, the ultimate purpose of the malware remains unknown.
Even more worrying is that this malware, which went undetected, runs on the new M1-based MacBooks. That makes it only the second known malware for M1-based macOS.
The report also notes that the roughly 30,000 infected Macs are spread across 153 countries, with the largest concentrations in the US, UK, Canada, France and Germany.
The malware is said to use Amazon Web Services and the Akamai content delivery network for a reliable command-and-control infrastructure, which also makes its servers difficult to block. Researchers at Red Canary, the security company that discovered the macOS malware, call it “Silver Sparrow”.
“Although we haven’t seen Silver Sparrow deliver an additional malicious payload, the advanced compatibility with M1 chips, global reach, relatively high infection rate, and operational readiness suggest that Silver Sparrow poses a reasonably serious threat, being in a unique position to have a potentially effective impact with payloads in the shortest amount of time,” Red Canary researchers wrote in a blog post released on Friday. “With this cause for concern, in a spirit of transparency we wanted to share everything we know with the broader infosec industry sooner rather than later.”
According to the report, Silver Sparrow comes in two versions: one a Mach-O (Mach object format) binary compiled for Intel x86_64 processors, the other a Mach-O binary compiled for the M1.
The good news for Apple users: the company has revoked the developer certificates for both binaries.
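Whether a Mach-O binary can run natively on an M1 comes down to which CPU types its header declares, which is the same thing `file` or `lipo -archs` reports. The script below is an added example, not code from the article or from Red Canary's report: it parses the thin Mach-O and universal ("fat") header formats using the public magic numbers and CPU type constants from Apple's `<mach-o/loader.h>`, `<mach-o/fat.h>` and `<mach/machine.h>`, and classifies a file as x86_64-only, arm64-only or universal. The sample headers it builds are constructed for the demonstration and are not bytes from Silver Sparrow.

```python
import struct
from typing import List

# Public constants from Apple's Mach-O headers (not page-specific values).
FAT_MAGIC = 0xCAFEBABE      # universal binary; fat header is always big-endian
MH_MAGIC = 0xFEEDFACE       # 32-bit thin Mach-O, file's native byte order
MH_CIGAM = 0xCEFAEDFE       # MH_MAGIC byte-swapped
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit thin Mach-O, file's native byte order
MH_CIGAM_64 = 0xCFFAEDFE    # MH_MAGIC_64 byte-swapped
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}
FAT_ARCH_SIZE = 20          # struct fat_arch: cputype, cpusubtype, offset, size, align


def macho_architectures(data: bytes) -> List[str]:
    """Return the CPU architectures declared by a Mach-O or universal header.

    Only the first few hundred bytes are needed, so callers may pass a
    header-sized prefix of the file. Unknown cpu types are returned as hex
    rather than dropped, so nothing is hidden from the analyst.
    """
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic = struct.unpack(">I", data[:4])[0]

    if magic == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # 0xCAFEBABE is also the Java class-file magic; a real fat header
        # holds a handful of slices, a class file would decode to thousands.
        if nfat > 64:
            raise ValueError("implausible slice count; probably not a Mach-O fat file")
        archs = []
        for i in range(nfat):
            off = 8 + i * FAT_ARCH_SIZE
            if off + FAT_ARCH_SIZE > len(data):
                raise ValueError("truncated fat header")
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs

    if magic in (MH_MAGIC, MH_MAGIC_64, MH_CIGAM, MH_CIGAM_64):
        # Reading the magic big-endian and seeing the swapped form means the
        # file is little-endian, which is the case on every x86_64/arm64 Mac.
        endian = ">" if magic in (MH_MAGIC, MH_MAGIC_64) else "<"
        cputype = struct.unpack(endian + "I", data[4:8])[0]
        return [CPU_NAMES.get(cputype, hex(cputype))]

    raise ValueError(f"not a recognised Mach-O magic: {magic:#010x}")


def classify(data: bytes) -> str:
    """Summarise a binary the way the report distinguishes the two variants."""
    archs = set(macho_architectures(data))
    if {"x86_64", "arm64"} <= archs:
        return "universal (x86_64 + arm64)"
    if "arm64" in archs:
        return "arm64 only (native on M1)"
    if "x86_64" in archs:
        return "x86_64 only (runs on M1 via Rosetta 2)"
    return "other: " + ", ".join(sorted(archs))


# --- constructed sample headers for the demonstration (not real binaries) ---

def build_sample_universal() -> bytes:
    header = struct.pack(">II", FAT_MAGIC, 2)
    # cputype, cpusubtype (X86_64_ALL=3, ARM64_ALL=0), offset, size, align
    header += struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0x4000, 0, 14)
    header += struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0x8000, 0, 14)
    return header


def build_sample_thin(cputype: int) -> bytes:
    # mach_header_64: magic, cputype, cpusubtype, filetype(MH_EXECUTE=2),
    # ncmds, sizeofcmds, flags, reserved; little-endian like real Mac binaries
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


if __name__ == "__main__":
    for label, blob in (("universal", build_sample_universal()),
                        ("thin arm64", build_sample_thin(CPU_TYPE_ARM64)),
                        ("thin x86_64", build_sample_thin(CPU_TYPE_X86_64))):
        print(f"{label:12s} -> {classify(blob)}")
```

To triage a real file, pass its leading bytes, e.g. `classify(open(path, "rb").read(4096))`; the header is all the function needs. A file that the parser rejects as "not a recognised Mach-O magic" is worth a second look, since a payload may be a script, a disk image or a compressed archive rather than a native executable.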