Following the discovery of a new and unusual malware that had the potential to attack Macs running on Apple Silicon, Apple has moved to minimize any impact the maliciously-crafted software could have in the future.
On Saturday, Red Canary researchers revealed malware that uses an unusual attack vector to install itself on macOS. The cluster, named "Silver Sparrow" by the researchers, was also found to be an early example of malware capable of running natively on Apple Silicon Macs.
More unusually, the malware seemed to be an in-development or test malware, rather than a fully-realized threat, as it lacked a malicious payload. However, it did have the capability to add such an item at a later date through repeated hourly updates.
So far, it seems that no malicious payload has been delivered at all, and it appears unlikely one will be on the way anytime soon.
Shortly after the publication of the malware details, Apple took steps to curtail the potential damage that Silver Sparrow could cause down the line.
An Apple spokesperson informed AppleInsider the company had already revoked certificates for developer accounts used by the malware's creator to sign the packages. The action effectively prevents any new Macs from being infected by the malware, reducing any further spread.
As well as certificate revocation, Apple notes that it employs many hardware and software security protections in its products and services, and that it deploys regular software updates that can prevent threats from having an impact.
While the Mac App Store is probably one of the safest places to acquire Mac software because of these protections, the spokesperson added that software acquired outside the Mac App Store is also safeguarded: Apple's Notary Service and other security mechanisms are employed to detect malware and block it before it has a chance to run.
9 Comments
I thought this was a macOS issue, not an Apple Silicon Macs issue? Why mention ASi Macs?
This was a bit of malware that contained a binary compiled for BOTH Intel AND ASi Macs. That's not really a reason to doomclaim that Apple's ASi Macs are somehow more at threat than Intel ones.
Hopefully, Apple’s internal security researchers will figure out how to trigger the malware’s self destruct and add that function into a near future security update.
The way articles have been bandied about made it seem like a unique vulnerability in the M1 architecture. Now it is clear it is just an existing malware that has been compiled natively for M1.
Obviously, the safest approach is to never download apps outside of the store and not click on clickbait. Still, no one is perfect, and a lot of users fall for tricks all the time.
I know Apple security updates eventually catch up to these types of threats, but it would be nice if they were working on ways to identify them as they turn up, or at least be able to scan for these items that do sneak in.