Skip to main content

Malware found on some new Apple M1 Macs mystifies experts

Hackers appear to have wasted little time in targeting Apple’s recently launched Mac computers featuring its new M1 chip.

Colorado-based security firm Red Canary says it has discovered malware on nearly 30,000 Mac computers globally, though experts are currently trying to work out its precise purpose.

The malware, dubbed “Silver Sparrow,” is described as a “previously undetected strain,” though another version of it had Intel-made equipment in its sights, according to Red Canary.

According to Arstechnica, researchers have discovered that the mysterious malware is set up to check a control server once an hour. It does this to determine if there are any new commands for the malware to run. But up to now, no commands or payloads appear to have been delivered to the infected computers, leaving experts wondering what may be coming down the track.

The malicious software also incorporates a self-destruct capability that, if and when directed, enables it to remove itself from a computer.

Red Canary says that according to data provided by California-based security firm Malwarebytes, Silver Sparrow had infected 29,139 Mac computers in 153 countries as of February 17, with cases mainly concentrated in the U.S., Canada, U.K., France, and Germany.

Given what it currently knows, Red Canary says the malware presents a “reasonably serious threat” to infected Mac computers.

“Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice,” Red Canary said in a blog post detailing what it knows so far about the malware.

It added: “The ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload.”

The company’s post shares details about how it was able to detect Silver Sparrow using checks that can also uncover other MacOS threats.

Many people may still be of the belief that Apple-made computers don’t get malware. This, of course, isn’t true, and so Mac owners should be certain they have the proper protections in place to ensure their machines have the best chance of keeping hackers at bay.

UPDATE: Apple has reportedly taken steps to prevent additional Mac computers from being infected with the malware.

Editors' Recommendations