Malware for Mac computers with an M1 chip has emerged: while no such malicious code was known until now, two different samples have appeared within a few days.
The first malware recorded for M1 Macs was associated with the Safari extension GoSearch22, which is adware. It was reported by VirusTotal in December 2020 but made public only in February 2021.
The second malware for M1 Macs has been dubbed Silver Sparrow. It emerged at a time when Apple argues that M1 Macs are more secure than those based on an Intel chip, and it calls into question the idea that these computers are virus free.
The security firm Red Canary (via MacRumors) discovered the new malware, which targets Macs with the new M1 processors. The malware uses the JavaScript API of the macOS installer to execute commands. This is what you need to know.
What is Silver Sparrow?
No one knows for sure. Once on your Mac, Silver Sparrow connects to a server once per hour. Security researchers fear it is preparing for a major attack.
Security firm Red Canary believes that while Silver Sparrow has yet to deliver a malicious payload, it could pose a pretty serious threat over time if its presence goes undetected.
The malware has become noticeable because it runs on Apple’s M1 chip. This doesn’t necessarily indicate that criminals are specifically targeting M1 Macs, but rather suggests that M1 Macs and Intel Macs can be infected in the same way.
How many Macs are infected?
According to Malwarebytes, to date (end of February) Silver Sparrow has infected a total of 29,139 macOS systems in 153 countries, most of them in the US, UK, Canada, France and Germany.
It is not known how many of them are M1 Macs. Both Intel and M1 Macs are reportedly affected, but we don't know exactly what the distribution looks like.
What does Silver Sparrow do?
What is known is that infected computers contact a server once per hour, which could be a form of preparation for a major attack. As we said before, the malware uses the macOS installer's JavaScript API to execute commands.
So far, the security company has not been able to determine whether the commands actually lead to anything else, and as a result, the extent to which Silver Sparrow poses a serious threat is still unknown. However, the security company considers the malware to be serious.
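One way a defender can check an installer package for this behaviour, as an added example that is not from the original article or from Red Canary: the script below scans a package's Distribution file (obtainable with pkgutil --expand) for installer JavaScript that launches a process via system.run or system.runOnce, and reports whether an automatic installation or volume check reaches it. The sample Distribution content and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

# Installer JS calls that start a process: system.run / system.runOnce.
EXEC_CALL = re.compile(r"\bsystem\s*\.\s*(?:run|runOnce)\s*\(")
FUNC_DEF = re.compile(r"\bfunction\s+(\w+)\s*\(")
AUTO_CHECKS = ("installation-check", "volume-check")  # evaluated by the installer itself

# Constructed sample Distribution file; not taken from any real package.
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
  <title>Example Updater</title>
  <installation-check script="preflight()"/>
  <script><![CDATA[
function osCheck() {
    return system.compareVersions(system.version.ProductVersion, '10.15') >= 0;
}
function preflight() {
    system.run("/bin/sh", "-c", "echo constructed-example");
    return true;
}
]]></script>
</installer-gui-script>"""


def find_exec_calls(root):
    """Return (enclosing function or None, source line) per process launch (line-based heuristic)."""
    findings = []
    for script in root.iter("script"):
        current = None
        for line in (script.text or "").splitlines():
            match = FUNC_DEF.search(line)
            if match:
                current = match.group(1)
            if EXEC_CALL.search(line):
                findings.append((current, line.strip()))
    return findings


def audit(distribution_xml):
    """Report process-launching JS and whether an automatic check reaches it."""
    root = ET.fromstring(distribution_xml)
    calls = find_exec_calls(root)
    auto_run = []
    for element in root.iter():
        expr = element.get("script", "")
        if element.tag in AUTO_CHECKS and expr:
            for name in sorted({fn for fn, _ in calls if fn}):
                if re.search(r"\b%s\s*\(" % re.escape(name), expr):
                    auto_run.append((element.tag, name))
    return {"exec_calls": calls, "auto_run": auto_run}
```

A non-empty auto_run list means the package runs a program before any payload is installed, which is worth reviewing even when the package is validly signed.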
What is Apple doing?
Apple took immediate action to revoke the developer certificates that allowed the installation of the Silver Sparrow malware. Therefore, they should no longer be available for other installations.
Apple customers are generally protected against malware because all software downloaded outside of the Mac App Store must be audited. In this case, it appears that the malware authors were able to obtain a certificate that was used to sign the package.
Without this certificate, the malware can no longer infect more computers, but it is quite worrying that the malware has a certificate.
For general advice on how to protect your system, check out our Mac security tips as well as the best antivirus for Mac with which to protect your Mac.