In the past year, the amount of malware targeting Apple Mac computers increased; by this measure, however, computers running the Windows operating system still “lead” by a wide margin.
Security researchers at AV-TEST found 674,273 new malware samples for macOS in 2020. By comparison, they identified a total of 56,556 samples in 2019 and 92,570 samples in 2018. Over the past year, the number of malware samples for this platform has increased more than tenfold. In addition, far more unique malware was detected, indicating that malware developers are paying more attention to the Mac.
It is noteworthy that from 2012 to 2019, AV-TEST specialists identified only 219,257 malware samples for this platform. Although the amount of malware for the Mac is growing rapidly, the platform is still very far behind Windows. The same company found that 91.05 million malware samples were created for the Microsoft platform in the past year, an all-time high. The previous record was set a year earlier.
Based on this data, Windows malware developers created an average of 250,000 new threats every day. For the Mac, fewer than 2,000 new threats were created per day.
Of course, the interest in the Windows platform is due to its much larger number of users compared to the Mac (9 versus 1 according to the latest statistics).
An unknown malware infects tens of thousands of Macs
While news of malware infections on Macs is relatively rare, new information about nearly 30,000 infected Macs is a matter of concern because of the malware's complex nature and the lack of available information about it.
Researchers at Red Canary have discovered a new type of macOS malware that they dubbed Silver Sparrow. The malware is strange for many reasons, the main one being that it has remained largely inactive until now. Although it exchanges data with its command and control servers once an hour, waiting for potentially malicious binaries to execute, Silver Sparrow has so far not harmed infected computers.
In addition to the Intel x86_64 variant, a variant for the Apple M1 is also available. Both versions contain “third-party observer binaries” that print “Hello World!” and “You did it!” Displaying such messages on the screen is not a serious problem, but the malware could potentially start performing some work on request from the control servers. Red Canary emphasized that the complex infrastructure makes effective use of CDNs and AWS networks, making it difficult to track and remove.
Another interesting fact about Silver Sparrow is that it contains self-destruct mechanisms that remove all traces of the malware from infected devices. The researchers did not observe this mechanism in use by default on Mac computers, which means that it is triggered only when currently unknown conditions are fulfilled.
Red Canary reported that as of February 17, 2021, 29,139 macOS devices had been infected in 153 countries.