New malware is infecting Apple MacBook and Mac computers running macOS. Strangely, the actively spreading macOS malware, codenamed ‘Silver Sparrow’, primarily targets the new ARM-based Apple M1 SoC.
Security researchers have discovered yet another malware that specifically targets the new Apple M1-based MacBook and Mac PCs running macOS. Incidentally, the malware doesn’t have a payload, yet.
Second malware infecting Apple M1 chipset powering macOS discovered:
New malware is actively spreading across the globe. The malicious code that security researchers have labeled Silver Sparrow infects Apple macOS.
But more specifically, the new malware goes after Apple computers that have the latest Apple M1 chipset. So far, security researchers estimate almost 30,000 infections, and the number is still climbing.
Besides the fact that yet another malware targeting the Apple M1 SoC has appeared so quickly, there are a couple of graver concerns about Silver Sparrow.
Once installed, Silver Sparrow looks up the URL the installer package was downloaded from. This is most likely a way to check which delivery or distribution channel is most effective. The URL check suggests that malicious search results may be at least one distribution channel, in which case the installers would likely pose as legitimate apps.
Once the malware silently infects an Apple M1-based macOS machine, it pings a control server every hour. According to researchers, the malware tries to check if there are any new commands it should run or binaries to execute. So far, however, researchers have yet to observe the delivery of any payload on any of the infected devices.
What this means is that the Silver Sparrow malware does not have a payload yet. In other words, the malware merely infects a machine and then does nothing, except for periodically checking for new instructions.
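The hourly check-in with a control server described above is exactly the kind of regular beacon a defender can hunt for in egress logs. The following is an added example, not code from the article or from the researchers it cites: the proxy log lines, host names and the flagging threshold are all constructed, and the detection is a simple periodicity check (near-constant intervals between requests from one host to one destination), not an indicator of Silver Sparrow specifically.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not from the article):
# "<ISO-8601 timestamp> <source host> <destination host>"
SAMPLE_LOG = """\
2021-02-19T10:00:04Z mac-01 example-c2.invalid
2021-02-19T10:17:31Z mac-01 cdn.example.invalid
2021-02-19T11:00:06Z mac-01 example-c2.invalid
2021-02-19T12:00:02Z mac-01 example-c2.invalid
2021-02-19T13:00:09Z mac-01 example-c2.invalid
2021-02-19T14:00:01Z mac-01 example-c2.invalid
2021-02-19T10:05:00Z mac-02 cdn.example.invalid
2021-02-19T10:40:00Z mac-02 cdn.example.invalid
2021-02-19T13:10:00Z mac-02 cdn.example.invalid
"""


def parse_log(text):
    """Group request timestamps by (source host, destination host)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        groups[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return groups


def find_beacons(groups, min_hits=4, max_jitter=0.05):
    """Return (src, dst, mean interval in seconds) for every host/destination
    pair with at least min_hits requests whose inter-request intervals are
    nearly constant: standard deviation / mean <= max_jitter.
    Thresholds are assumed values for this example, not tuned numbers."""
    hits = []
    for (src, dst), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits


if __name__ == "__main__":
    for src, dst, interval in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}: regular beacon every ~{interval}s")
```

On the constructed sample, only mac-01's requests to example-c2.invalid are flagged (about every 3599 seconds); mac-02's irregular CDN traffic is not.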
Strangely, the malware also has a self-destruct mechanism. Simply put, the creators of Silver Sparrow have embedded a routine to completely remove the malware. However, even this mechanism has not been used yet.
How does the Silver Sparrow malware install and evade detection?
According to the researchers, the malware uses Amazon Web Services and the Akamai content delivery network. Blocking such networks is quite difficult.
Researchers at VMware Carbon Black and Malwarebytes claim Silver Sparrow is a “previously undetected strain of malware.” Most of the affected Macs running macOS on the new Apple M1 chipset are located in the US, the UK, Canada, France, and Germany.
Researchers have also discovered two strains of the Silver Sparrow malware. One version’s payload consists of a binary that runs on Intel-based Macs only, while the other’s is a binary built for both Intel and M1 architectures.
The current payload is a placeholder. When executed, the first version opens a window that literally says “Hello, World!” and the second states “You did it!”
Incidentally, Apple has revoked the developer certificate for both bystander binary files. However, that doesn’t eliminate the potential security risks that the new ARM-based Apple M1 chipset faces.