Second malware for Apple M1 Macs found with self destruct abilities

It looks like hackers are keen on breaching M1 Mac devices and are actively working on infecting them in different ways. A previously undetected malware is now found in almost 30,000 Macs worldwide. The number is not huge but the fact that the malware stayed inside the device undetected, does tell us how serious the issue is. The piece of malware is also said to have self-destruct abilities, which is usually found in “high-stealth operations” as reported by Ars Technica.

The report adds that researchers are yet to observe delivery of any payload on any of the infected 30,000 machines. Since there has been no payload, the ultimate goal of the malware stays unknown.

What's more worrying is the fact that this malware, which stayed undetected, is found in the new M1-based MacBooks. This also marks it as the second known malware for M1-based macOS.

Also read: Apple M1-based MacBook and Mac Mini face their first malware

“The malicious binary is more mysterious still because it uses the macOS Installer JavaScript API to execute commands. That makes it hard to analyze installation package contents or the way that package uses the JavaScript commands,” states Ars Technica.

Also mentioned is that the malware in these 30,000 Macs is spread across 153 countries with major US, UK, Canada, France and Germany being the key locations where the highest cases are found.

The malware is said to use Amazon Web Services and the Akamai content delivery network for a reliable command infrastructure. It also makes blocking the servers harder. Researchers from Red Canary, the security firm that discovered this macOS malware, are calling it ‘Silver Sparrow'.

Also read: Chromebook oversold Macs in 2020: Report

“Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice,” Red Canary researchers wrote in a blog post published on Friday. “Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.”

As per the report, Silver Sparrow is said to come in two versions - one with a binary in mach-object format compiled for Intel x86_64 processors and the other Mach-O binary for the M1.

But good news for Apple users, the company has revoked the developer certificate for both bystander binary files.