Although malware targeting Apple computers running macOS is less common than malware targeting Microsoft Windows, the threat is just as serious and potentially damaging, exposing macOS users to digital surveillance and theft of information. Researchers at Red Canary discovered a serious macOS malware threat that delivers a binary payload compiled to run natively on Apple’s brand-new M1 system architecture. Researchers have named the new cluster of activity “Silver Sparrow,” and reports indicate that it had already infected upwards of 29,100 Apple machines across 153 countries as of February 17, 2021.
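A first question a threat hunter asks about a payload like the one described above is which CPU architectures the Mach-O actually carries, since an arm64 slice is what lets it run natively on M1 machines. The following Python script is an added example written for this page, not code from Red Canary, Binary Defense or the Silver Sparrow analysis; it parses the universal (“fat”) header and the thin Mach-O header using the magic numbers and struct layouts from Apple’s `<mach-o/fat.h>` and `<mach-o/loader.h>`, and the sample binary it builds in `constructed_universal_sample()` is a constructed pair of bare headers, not a real program or any Silver Sparrow artifact.

```python
import struct

# Mach-O and universal ("fat") magic numbers from <mach-o/loader.h> and <mach-o/fat.h>
FAT_MAGIC = 0xCAFEBABE      # universal binary header, always stored big-endian
MH_MAGIC = 0xFEEDFACE       # 32-bit Mach-O, same byte order as the reader
MH_CIGAM = 0xCEFAEDFE       # 32-bit Mach-O, opposite byte order
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O, same byte order
MH_CIGAM_64 = 0xCFFAEDFE    # 64-bit Mach-O, opposite byte order

CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_TYPE_NAMES = {
    0x00000007: "x86",
    CPU_TYPE_X86_64: "x86_64",
    0x0000000C: "arm",
    CPU_TYPE_ARM64: "arm64",
}


def _name(cputype):
    return CPU_TYPE_NAMES.get(cputype, "cputype_0x%08x" % cputype)


def _thin_arch(blob, offset=0):
    """Return the architecture name of a thin Mach-O starting at `offset`, or None."""
    if len(blob) < offset + 8:
        return None
    magic = struct.unpack_from(">I", blob, offset)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"          # file bytes are big-endian
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = "<"          # file bytes are little-endian (x86_64 and arm64 binaries)
    else:
        return None
    cputype = struct.unpack_from(endian + "I", blob, offset + 4)[0]
    return _name(cputype)


def macho_architectures(blob):
    """List the CPU architectures a thin or universal Mach-O binary contains."""
    if len(blob) < 8:
        return []
    magic, count = struct.unpack_from(">II", blob, 0)
    if magic != FAT_MAGIC:
        thin = _thin_arch(blob)
        return [thin] if thin else []
    archs = []
    for i in range(count):
        entry = 8 + 20 * i                     # struct fat_arch is five big-endian uint32s
        if len(blob) < entry + 20:
            break
        cputype, _subtype, off, size, _align = struct.unpack_from(">IIIII", blob, entry)
        if off + size > len(blob):
            continue                           # truncated slice: skip rather than trust the table
        # Prefer the slice's own header; fall back to the fat table if the slice is unreadable
        archs.append(_thin_arch(blob, off) or _name(cputype))
    return archs


def is_m1_native(blob):
    """True if the binary carries an arm64 slice, i.e. runs natively on Apple silicon."""
    return "arm64" in macho_architectures(blob)


def _constructed_thin(cputype):
    """Constructed minimal 64-bit Mach-O header (little-endian, 32 bytes, no load commands)."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def constructed_universal_sample():
    """Constructed universal binary holding an x86_64 and an arm64 slice (not a real program)."""
    slices = [_constructed_thin(CPU_TYPE_X86_64), _constructed_thin(CPU_TYPE_ARM64)]
    offset = 8 + 20 * len(slices)
    table, body = b"", b""
    for data in slices:
        cputype = struct.unpack_from("<I", data, 4)[0]
        # Real linkers page-align slices; the constructed sample packs them back to back
        table += struct.pack(">IIIII", cputype, 3, offset, len(data), 0)
        body += data
        offset += len(data)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + table + body


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, macho_architectures(f.read()))
    print("constructed sample:", macho_architectures(constructed_universal_sample()))
```

Run it with one or more file paths to list their slices; a binary that reports `arm64` can execute on M1 hardware without Rosetta, which is the property the Red Canary finding highlights. The script reads only the headers it needs and never executes the file, so it is safe to point at quarantined samples.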
It is generally thought that macOS malware is limited to adware and other “minimally” invasive threats. However, several malware varieties associated with Advanced Persistent Threat (APT) groups have targeted macOS systems over the past several years, and some have managed to remain under the radar of defenders for quite some time before discovery. The ability of Silver Sparrow to pivot and drop other malicious and more specially crafted payloads for execution on victim machines should not be taken lightly. While Microsoft Windows machines dominate the market share of business computers, Apple comes in second with 13% of the laptops and workstations sold worldwide, reflecting a significant and increasing portion of enterprise workstations. While there are relatively few reliable options for commercial antivirus programs on macOS, there are some EDR solutions available for small businesses through large enterprises, including Binary Defense’s multi-platform MDR and Microsoft Defender for Endpoint’s macOS agent. While this is a worthy mitigation strategy, relying solely on passive detection leaves gaps in security. Employing active analyst observation using a 24/7 Security Operations Center such as Binary Defense’s team, together with proactive solutions such as Threat Hunting, greatly reduces the risk to macOS endpoints by utilizing expert researchers to hunt down and identify active threats on the network.