{"id":19435,"date":"2021-02-20T23:16:39","date_gmt":"2021-02-20T22:16:39","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=19435"},"modified":"2021-02-20T23:16:40","modified_gmt":"2021-02-20T22:16:40","slug":"m1-macs-in-the-sights-of-malware-fund-causes-discussion","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/m1-macs-im-visier-von-malware-fund-sorgt-fuer-diskussion","title":{"rendered":"M1 Macs targeted by malware: Find sparks discussion"},"content":{"rendered":"

The second known malware compiled to run natively on M1 Macs has now been discovered by security firm Red Canary, but the exact threat remains a mystery.<\/strong><\/p>\n\n\n\n

The malicious package, called "Silver Sparrow," uses the macOS Installer JavaScript API to execute suspicious commands. However, after observing the malware for over a week, neither Red Canary nor its research partners have been able to identify a definitive payload, so the exact threat posed by the malware remains a mystery. According to Red Canary, the malware is nevertheless "a pretty serious threat":<\/p>\n\n\n\n

While we have not yet observed Silver Sparrow delivering additional malicious payloads, its forward-looking compatibility with the M1 chip, global reach, relatively high infection rate, and operational maturity suggest that Silver Sparrow is a fairly serious threat that is uniquely positioned to deliver a potentially high-impact payload at a moment's notice.<\/p><\/blockquote>\n\n\n\n

M1 Macs: First malware discovered only recently<\/h3>\n\n\n\n\n\n\n\n

According to Malwarebytes, as of February 17, Silver Sparrow has infected 29,139 macOS systems in 153 countries, including a high number in the United States, the United Kingdom, Canada, France, and Germany. Red Canary did not specify how many of these systems were M1 Macs. Noting that the "Silver Sparrow" binaries "don't seem to do much yet," Red Canary referred to them as "bystander binaries." <\/p>\n\n\n\n

\"Silver
via Red Canary<\/figcaption><\/figure>\n\n\n\n

When running on Intel-based Macs, the malicious package simply displays a blank window with a \u201cHello, World!\u201d message while the Apple Silicon binary leads to a red window that says \u201cYou did it!\u201d The first malware that runs natively on M1 Macs was discovered just a few days ago. Technical details on this second malware package can be found in the blog post<\/a> by Red Canary. (Photo by Ekaterina79 \/ Bigstockphoto)<\/em><\/p>\n\n\n\n