The News: Mysterious malware — that has not yet engaged in malicious activity — has infected nearly 40,000 Mac devices, according to the cybersecurity firm Red Canary, which first detected the threat. Read the full news piece on ABC.
Analyst Take: Apple long had a reputation for being almost impenetrable from a malware standpoint, though some would argue it was the Mac's smaller install base compared to Windows, rather than superior defenses, that left it largely unscathed. Either way, Mac threats have been on the rise for several years, well before the M1 shipped. The new architecture now raises a further set of questions about potential exposures tied to Apple's processor transition.
What we know so far is that security researchers at Malwarebytes and Red Canary discovered a mysterious piece of malware on nearly 40,000 Macs. It is designed to deliver an as-yet-unknown payload and, to make it even more interesting, it contains a self-removal mechanism that appears capable of deleting any trace that it ever existed. The researchers have named it Silver Sparrow.
A Refresher on M1
Apple’s M1 chip represents its big shift away from the Intel x86 architecture Apple has used since 2005. The move gives Apple the opportunity to build Mac-specific security protections and features directly into its own processors. It has also required a vast number of developers to build versions of their software that run “natively” on M1 for full performance, rather than being translated on the fly by Apple’s Rosetta 2 translation layer. At this point, a great deal of Mac software still runs through Rosetta 2.
Threat actors developing malware, adware, and ransomware see the same transition as an opportunity to create more pervasive threats for the Mac ecosystem. Malware compiled natively for M1 shouldn’t be seen as a surprise; it is the natural evolution, since an arm64 build runs on the new machines exactly as any legitimate native application does, with no dependence on Rosetta 2. It does, however, raise the question of whether users of Apple’s homegrown M1 Macs face greater exposure than before.
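The distinction the two paragraphs above draw between software that runs natively on M1 and software that needs Rosetta 2 is visible in the file header of any Mac executable, and it is one of the first things a defender triaging a suspicious binary checks. The following is an added example, not code from the original column or from the researchers it cites: it parses the Mach-O header layouts documented in Apple’s mach-o/fat.h and mach-o/loader.h to list the CPU slices a file carries and to say whether it would run on an M1 without Rosetta 2. The function names are my own, and the two sample headers at the bottom are constructed for the example rather than taken from any real binary.

```python
"""Mach-O architecture triage (added example).

Given the bytes of a Mac executable, report which CPU slices it carries and
whether it can run natively on an M1 (arm64) without Rosetta 2. Header
layouts follow Apple's <mach-o/fat.h> and <mach-o/loader.h>. The sample
headers near the bottom are constructed here, not taken from real malware.
"""
import struct

FAT_MAGIC = 0xCAFEBABE      # universal ("fat") binary; header fields are big-endian
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O, header in host byte order
MH_CIGAM_64 = 0xCFFAEDFE    # MH_MAGIC_64 as seen when a little-endian file is read big-endian

CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}
FAT_ARCH_SIZE = 20          # struct fat_arch: cputype, cpusubtype, offset, size, align


def _name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_archs(data):
    """Return the architecture names present in a Mach-O blob (fat or thin)."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        archs = []
        for i in range(nfat):
            off = 8 + i * FAT_ARCH_SIZE
            if off + FAT_ARCH_SIZE > len(data):
                raise ValueError("truncated fat header")
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(_name(cputype))
        return archs
    if magic == MH_MAGIC_64:                 # big-endian thin header (unusual)
        return [_name(struct.unpack(">I", data[4:8])[0])]
    if magic == MH_CIGAM_64:                 # little-endian thin header (x86_64, arm64)
        return [_name(struct.unpack("<I", data[4:8])[0])]
    raise ValueError("not a 64-bit Mach-O or universal binary (magic 0x%08x)" % magic)


def native_on_m1(data):
    """True if the binary carries an arm64 slice, i.e. runs on M1 without Rosetta 2."""
    return "arm64" in macho_archs(data)


def triage_file(path, head=4096):
    """Read only the header of a file on disk and report its slices."""
    with open(path, "rb") as fh:
        data = fh.read(head)
    archs = macho_archs(data)
    return {"path": path, "archs": archs, "native_on_m1": "arm64" in archs}


# --- constructed sample headers for the demonstration (not real binaries) ----
def _fat_arch(cputype, cpusubtype, offset, size, align):
    return struct.pack(">IIIII", cputype, cpusubtype, offset, size, align)


# universal binary carrying both an x86_64 and an arm64 slice
SAMPLE_UNIVERSAL = (
    struct.pack(">II", FAT_MAGIC, 2)
    + _fat_arch(CPU_TYPE_X86_64, 0x3, 0x4000, 0x1000, 14)
    + _fat_arch(CPU_TYPE_ARM64, 0x0, 0x8000, 0x1000, 14)
)
# thin x86_64-only binary (little-endian mach_header_64 prefix); needs Rosetta 2 on M1
SAMPLE_THIN_X86 = struct.pack("<IIII", MH_MAGIC_64, CPU_TYPE_X86_64, 0x3, 0x2) + b"\x00" * 16

if __name__ == "__main__":
    for label, blob in (("universal", SAMPLE_UNIVERSAL), ("thin x86_64", SAMPLE_THIN_X86)):
        print(label, macho_archs(blob), "native on M1:", native_on_m1(blob))
```

On a Mac, `file` or `lipo -archs` on the binary gives the same answer without any code. The caveat is that an arm64 slice is not an indicator of malice on its own: most legitimate software is now shipped as a universal binary, so this check only tells you whether a sample would run natively on M1 hardware, which is why detection still has to rest on behaviour rather than on architecture.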
Going Forward – Apple Must Be Prudent
The consideration moving forward for Apple will be to make sure its M1 Macs don’t acquire a reputation for being more vulnerable than Windows, since the opposite has always been a differentiator. That puts the onus on Apple to expand its bounty programs and other investments in intrusion detection that can sniff out this kind of malware early. At this point, the consensus among security researchers is that tools for detecting malware built for M1 aren’t yet mature, which makes the platform an attractive place for attackers to invest resources. Hence the point about greater investment in endpoint detection.
Roughly 40,000 infections is a relatively small number given the millions of laptops sold every quarter (macOS and Windows combined). Historically, however, Apple was simply seen as the safer, lower-risk environment. Over the past few years that has changed, driven by more sophisticated attackers but also by the Mac’s growing prevalence.
I’m confident that in time Apple will quell some of this initial aggression against M1, but that timetable may need to be shortened with more resources and focus on the problem. It is a challenge Apple hasn’t had to deal with much compared to its competitors, and its vertical integration into homegrown chips may have opened the door for it to sharpen its security sword, or risk damage to its reputation.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.