(Last Updated On: February 22, 2021)

A piece of malware targeting Apple's M1 Macs has been found and is continuing to infect them in multiple ways. The malware had not been seen before, but it is now present on about 30,000 Macs worldwide. Although that is not a large number, the fact that it stayed undetected for so long shows it is a fairly serious issue. The malware is also reported to have a self-destruct capability, something usually found only in a “high-stealth operation,” Ars Technica reported.

The report also says that researchers have yet to see a payload delivered to any of the roughly 30,000 infected machines. With no payload observed, the malware's ultimate purpose remains unknown.

This is the second known piece of malware found to be built for M1-based macOS.

“The malicious binary is more mysterious still because it uses the macOS Installer JavaScript API to execute commands. That makes it hard to analyze installation package contents or the way that package uses the JavaScript commands,” Ars Technica said.
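One defensive triage check for the point raised above, added here as an example and not code from this page, Ars Technica or Red Canary: a flat installer package carries a Distribution XML file (extracted with `pkgutil --expand`) whose `<script>` blocks hold the Installer JavaScript, and the `installation-check` / `volume-check` hooks plus any `system.run` / `system.runOnce` call are the things to look for. The sample Distribution file below is constructed for the example and is not Silver Sparrow's.

```python
import re
import xml.etree.ElementTree as ET

# Installer JavaScript API calls that run an external program while the
# package is being installed (assumed set for this example: system.run and
# system.runOnce from Apple's Installer JavaScript reference).
EXEC_CALL = re.compile(r"\bsystem\.run(?:Once)?\s*\(([^)]*)\)")


def triage_distribution(distribution_xml: str) -> dict:
    """Parse a flat package's Distribution file and report two things an
    analyst wants: which JS functions are wired to the pre-install hooks
    (installation-check / volume-check run before the user clicks Install)
    and every command-execution call found in the embedded <script> blocks."""
    data = distribution_xml.encode("utf-8") if isinstance(distribution_xml, str) else distribution_xml
    root = ET.fromstring(data)
    hooks = {
        tag: el.get("script")
        for tag in ("installation-check", "volume-check")
        for el in root.iter(tag)
        if el.get("script")
    }
    calls = []
    for block in root.iter("script"):
        for m in EXEC_CALL.finditer(block.text or ""):
            calls.append({"call": m.group(0).split("(")[0].strip(), "args": m.group(1).strip()})
    return {"hooks": hooks, "exec_calls": calls, "suspicious": bool(calls)}


# Constructed sample Distribution file (not Silver Sparrow's): the
# installation-check hook shells out via system.run before any consent.
SAMPLE_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="1">
    <title>Example Update</title>
    <options customize="never"/>
    <installation-check script="installationCheck()"/>
    <choices-outline><line choice="default"/></choices-outline>
    <choice id="default"/>
    <script>
    function installationCheck() {
        system.run('/bin/sh', '-c', '/usr/bin/id > /tmp/example_marker');
        return true;
    }
    </script>
</installer-gui-script>
"""

if __name__ == "__main__":
    print(triage_distribution(SAMPLE_DISTRIBUTION))
```

Run it against the `Distribution` file inside a `pkgutil --expand` directory; a hook that points at a function containing `system.run` is the pattern worth a closer look.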

The report also says the malware is widespread, spanning 153 countries, with the US, UK, Canada, France and Germany among the locations where most infections are found.

The malware uses AWS and the Akamai content delivery network for its command infrastructure, which gives it reliable hosting and makes the servers harder to block. Researchers at security company Red Canary discovered the malware and named it ‘Silver Sparrow’.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later,” researchers from Red Canary had written in a blog post. 

The report says the malware comes in two versions: one with a binary in Mach-O (mach-object) format compiled for Intel x86_64 processors, and the other with a Mach-O binary compiled for the M1.

Apple has revoked the developer certificates for both files.
