Over the weekend, we reported on the second known piece of malware compiled to run natively on M1 Macs. Given the name "Silver Sparrow," the malicious package is said to leverage the macOS Installer JavaScript API to execute suspicious commands. After observing the malware for over a week, however, security firm Red Canary did not observe any final payload, so the exact threat to users remains a mystery.
Nonetheless, Apple has since informed MacRumors that it has revoked the certificates of the developer accounts used to sign the packages, preventing additional Macs from being infected. Apple also reiterated that Red Canary found no evidence to suggest the malware has delivered a malicious payload to Macs that have already been infected.
For software downloaded outside of the Mac App Store, Apple said it has "industry-leading" mechanisms in place to protect users by detecting malware and blocking it so it cannot run. Since February 2020, for example, Apple has required all Mac software distributed with a Developer ID outside of the Mac App Store to be submitted to Apple's notary service, an automated system that scans for malicious content and code-signing issues.
Malware targeting M1 Macs has simply been compiled to run natively on the Arm-based architecture of the M1 chip, now that Intel-based Macs are slowly being phased out. For more details about the "Silver Sparrow" malware, read our earlier coverage.
