There is a common stereotype that Apple’s computers are largely immune to malware. Not only is that wrong, it appears that sophisticated hackers toyed with the idea of a robbery or a drop nasty enough that they would need to cover their tracks. As Ars Technica reports, security researchers from Malwarebytes and Red Canary discovered a mysterious piece of malware hiding on nearly 30,000 Macs. It was designed to deliver an as-yet-unknown payload, and it has a self-destruct mechanism that could remove any trace that it ever existed. They call it Silver Sparrow.
Red Canary’s own blog post goes into more detail, including the discovery of several versions targeting not just Intel Macs but also newer Macs based on Apple’s own M1 chip, which is notable given how new Apple’s M1 computers are and how few vulnerabilities have been discovered so far. It was literally just a week ago that Objective-See security researcher Patrick Wardle published a story about the first malware discovered in the wild that targets Apple Silicon. Now we have two.
Fortunately, Silver Sparrow was not able to cover its tracks before it was found. There’s no indication that it was used to cause harm, and Red Canary writes that Apple has already revoked the binaries (which should in theory prevent you from accidentally installing them yourself). But the idea that harm could be done is not theoretical: they actually found these types of malware in the wild on Macs.
With all of this in mind, Silver Sparrow is uniquely positioned to deliver a potentially impactful payload in the short term. So we wanted to share everything we know with the broader Infosec community sooner rather than later.
– Red Canary (@redcanary) February 19, 2021
Researchers warn that Apple’s transition from Intel to its own silicon could make it easy for other bad actors to push malware through the cracks. You can read quotes from several of them in this Wired story.