
Malware targeting Apple's M1 Macs appearing in the wild

By Ken Wong - on 18 Feb 2021, 2:32pm


Apple M1 Macs are facing their first security threat. Image courtesy of Unsplash.

The new M1 processor-based MacBook Air, Pro, and Mac mini have been out for a few months now and popular apps have been updated with native support for them. But a few months is all it’s taken for malware targeting them to also make an appearance.

While Macs have traditionally been safer from malware attacks compared to their Windows-based counterparts, their growing popularity has seen a corresponding rise in malware targeting them.

According to Apple, the new M1 processors allow it to verify that the versions of macOS software and apps loaded during start-up, and as the Mac runs, were all authorised by Apple.

But it seems like the bad guys have also been working to find ways around this.

Mac security researcher Patrick Wardle recently tweeted about an M1-native version of the long-running Mac-targeted Pirrit adware family that he discovered.

Originally a Safari adware extension written to run on Intel x86 chips, GoSearch22 has now been redeveloped specifically for the M1 processor. In his blog, Wardle says that this “confirms malware/adware authors are indeed working to ensure their malicious creations are natively compatible with Apple’s latest hardware.” Apple has since revoked the app’s certificate. A certificate is an attachment to an electronic document that allows the safe transfer of information over the Internet.

Apple has revoked the extension's certificate. Image courtesy of Patrick Wardle.

GoSearch22 is a fake search extension that injects all sorts of advertisements while the user is browsing. Wardle found it when he was searching the online VirusTotal database for malware using fat binaries to run on Intel- and M1-powered Macs.

He also cautioned that “while the x86_64 and arm64 code appears logically identical (as expected), we showed that defensive security tools may struggle to detect the arm64 binary”.

In a news report, Thomas Reed, an expert on Mac malware with antivirus firm Malwarebytes, said that he didn't think that M1 Mac users should worry too much about M1-native malware right now.

"However, this does mean that we should anticipate seeing malware creators switch to single-architecture M1-only binaries as a means of evading detection," he added. "Antivirus companies should start thinking now about how they will plan to detect these things when they start to appear in the future."
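The fat and single-architecture binaries mentioned above can be told apart from the first bytes of a file. The following is an added example, not code from the article or from Wardle's research: a triage helper that reads a Mach-O or fat header and reports whether the file carries arm64 code, so it can be routed to arm64-aware scanning. The function names, labels and sample headers are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>.
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # fat header, big-endian on disk
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF     # thin 32-bit / 64-bit Mach-O
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE     # same magics, byte-swapped
ABI64 = 0x01000000
CPU_NAMES = {7: "i386", 7 | ABI64: "x86_64", 12: "arm", 12 | ABI64: "arm64"}

def _name(cputype: int) -> str:
    return CPU_NAMES.get(cputype, hex(cputype))

def macho_archs(data: bytes) -> list:
    """Return the CPU architectures named in a thin or fat Mach-O header."""
    if len(data) < 8:
        return []
    magic, second = struct.unpack(">II", data[:8])
    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        # Java class files share 0xCAFEBABE; their version word reads as >= 45.
        if not 0 < second < 45:
            return []
        entry_size = 20 if magic == FAT_MAGIC else 32   # fat_arch / fat_arch_64
        archs = []
        for i in range(second):
            field = data[8 + i * entry_size: 12 + i * entry_size]
            if len(field) < 4:
                break                                   # truncated arch table
            archs.append(_name(struct.unpack(">I", field)[0]))
        return archs
    if magic in (MH_MAGIC, MH_MAGIC_64):                # big-endian thin file
        return [_name(second)]
    if magic in (MH_CIGAM, MH_CIGAM_64):                # little-endian thin file
        return [_name(struct.unpack("<I", data[4:8])[0])]
    return []

def classify(data: bytes) -> str:
    """Label a file by whether, and how, it ships arm64 code."""
    archs = macho_archs(data)
    if not archs:
        return "not-macho"
    if "arm64" not in archs:
        return "no-arm64"
    return "arm64-only" if set(archs) == {"arm64"} else "universal-with-arm64"

# Constructed sample headers (not taken from any real binary).
FAT_SAMPLE = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", 7 | ABI64, 3, 16384, 1000, 14)
              + struct.pack(">5I", 12 | ABI64, 0, 32768, 1000, 14))
THIN_ARM64 = struct.pack("<II", MH_MAGIC_64, 12 | ABI64)
JAVA_CLASS = bytes.fromhex("cafebabe00000034")
```

Only the header is inspected, so the result says which architectures a file claims to contain, not whether its contents are malicious.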

Keeping GoSearch22 away

The M1 processor has brought a number of improvements to the Mac. Image courtesy of Apple.

To prevent your Mac from infection, experts recommend a number of steps:

Pay close attention to pop-ups, especially those that ask your permission to install something to proceed.

If your Mac asks to do something that you weren’t expecting, chances are, it's nothing good.

Don’t download random applications straight from the Internet because they may be hiding adware or malware.

Not everyone will agree, but some form of Mac antivirus software can be good.


Source: Toms Guide, Twitter, Objective-see
