What to know about new malware if your company runs on Mac

Mac lovers have touted multiple advantages over Windows-based machines for years. These claims haven’t always been substantiated by real data, sure… but folks love Apple computers and have for a while now. One of the advantages claimed for years and years is that Macs are less vulnerable to hacking, ransomware, malware, etc. While that may have been true a decade or more ago, much of the reason likely resulted from the fact that Apple had such a small marketshare of the hardware business that it wasn’t worth hackers’ time to program specifically for that few of users. That’s obviously not the case now. And as Macs have propagated, so too have digital threats against them.

Now, we’re not saying you should absolutely prefer Windows or Mac necessarily — each shop is different, with different needs and priorities. But that said, if you are a Mac shop, here’s what you should be on the lookout for as new malware has surfaced in recent weeks.

Change in hardware, change in malware

In late 2020, Apple released a new line of laptops and desktops (specifically the MacBook Air, 13-inch MacBook Pro and Mac mini) that no longer sported Intel inside; Apple had taken their chip manufacturing in house. These lines dropped with the new M1 chip powering each, respectively. And when you have new hardware like that drop, hackers have a new vulnerability to attack, according to a new report from cybersecurity firm Kaspersky.

“As soon as a platform becomes more popular or highly anticipated, developers try to ensure that their software is available for it,” Kaspersky said in its report. “Malware developers are no exception.”

XCSSET malware

Discovered for the first time last year, the XCSSET malware mainly targets Mac developers by injecting a malicious payload into Xcode IDE projects on the victim’s Mac. XCSSET is triggered when the developer builds project files in Xcode; the payload is capable of several nasty tricks, including reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing user files and information from apps such as Notes and Skype, and encrypting user files. If you’re not an app developer, this may not affect you directly, but what it goes more to show is that this line of malware was updated and recompiled with specific targeting for M1 mac machines.

It’s probably a pretty safe bet other active malware campaigns are being recompiled for the new machines, as well.

Silver Sparrow

According to Tech Republic, a recent malware threat, Silver Sparrow, has already landed on more than 30,000 Macs. Instead of hiding in preinstall or postinstall scripts for application packages, the payload for Silver Sparrow conceals itself in the Distribution XML file for an app. The initial version targeted just the Intel x86_64 architecture, yet another sign that active threat vectors are being updated to the M1 architecture.

According to Kaspersky, here’s how the attack breaks down:


So what does this mean for you? Well, if you’re not a security expert, it might be time to talk to someone who is. Managed IT partners like Leverage can sort all this out for you, so you don’t have to worry about it.

Additionally… Use security software from trusted vendors to help protect your machines! And perhaps most importantly, keep rigorous backups that are separate and detached from your primary network. If you are hacked and/or locked out of your system, you need to be able to restore from backup without losing massive amounts of work in the process.

If you want to talk about how getting Leverage can help your bottom line, give us a ring today!