There’s a popular stereotype that Apple’s computers are largely immune to malware. Not only is is that incorrect, it appears that sophisticated hacker(s) might have been toying with the idea of a heist or drop nasty enough they’d have needed to cover their tracks. As Ars Technica reports, security researchers at Malwarebytes and Red Canary discovered a mysterious piece of malware hiding on nearly 30,000 Macs, one designed to deliver an as-yet-unknown payload, and with a self-destruction mechanism that might remove any trace that it ever existed. They’re calling it Silver Sparrow.
Red Canary’s own blog post goes into more detail, including how they discovered multiple versions targeting not only Intel, but also newer Macs based on Apple’s own M1 chip — which is quite the thing, given how new Apple’s M1 computers are and how few vulnerabilities have been discovered yet. It was literally just one week ago that Objective-See security researcher Patrick Wardle published a story about the first piece of malware discovered in the wild targeting Apple Silicon, and now we have two.
Thankfully, Silver Sparrow was not able to cover its tracks before being outed, there’s no indication it was used to do any damage, and Red Canary writes that Apple has already revoked the binaries (which should theoretically keep you from accidentally installing it yourself). But the idea damage could have been done isn’t theoretical: they actually found these strains of malware on Macs in the wild.
Given all of this, Silver Sparrow is uniquely positioned to deliver a potentially impactful payload at a moment’s notice, so we wanted to share everything we know with the broader infosec community sooner rather than later.
— Red Canary (@redcanary) February 19, 2021
Researchers warn that Apple’s transition from Intel to its own silicon may make it easy for other bad actors to slip malware through the cracks, too: you can read quotes from several of them in this Wired story.