Apple Silicon Malware, the First of Its Kind, Was Discovered by an Independent Security Researcher

Submit

The very first native Apple Silicon malware was discovered by an independent security researcher Patrick Wardle. While he initially sang praises of the security of these new Mac models thanks to the latest 5nm M1 chip, he’s now found evidence of malware recompilation.

Apple Has Revoked the Developer’s Certificate so It Can No Longer Run

Patrick Wardle is an ex-NSA security researcher who discovered that hackers were recompiling malware called GoSearch22.app (via AppleInsider). It’s the first native malware for the M1 Mac models, and the current version aims at displaying ads while also collecting the user’s browser data. He also mentions that such malicious code will continue to evolve as Apple comes out with newer hardware featuring the company’s custom silicon. This may also apply to the redesigned MacBook Pro models expected in the second quarter of 2021.

2021 iMac to Feature Five Color Options Similar to iPad Air, Mac Pro to be Smaller

“Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems. The malicious GoSearch22 application may be the first example of such natively M1 compatible code. The creation of such applications is notable for two main reasons. First (and unsurprisingly), this illustrates that malicious code continues to evolve in direct response to both hardware and software changes coming out of Cupertino.”

Wardle also mentions that anti-virus tools used to detect malware on Apple’s Intel-based Macs failed to detect GoSearch22.app on the M1 models. Perhaps it’s a matter of these anti-virus programs upgrading their database to detect new malware since the native one for M1 Macs is fairly new. Wardle also mentions that since Apple revoked the developer’s certificate, it can no longer run.

“What is not known is if Apple notarized the code. We cannot answer this question, because Apple has revoked the certificate.”

It’s also unclear how many macOS users were affected since no user has reported any behavior revolving around unusual ads displayed on their Apple Silicon Macs. We’ll have to wait and see through different forums if there are any users reporting on any strange activity on their Macs and inform our readers in the future, so stay tuned.

News Source: Patrick Wardle

Products mentioned in this post

MacBook
MacBook
USD 1031.61
MacBook Pro
MacBook Pro
USD 1031.61

The links above are affiliate links. As an Amazon Associate, Wccftech.com may earn from qualifying purchases.

Submit