M1 Macs Face First Recorded Malware


It was probably only a matter of time. As the security specialist Patrick Wardle reports, the first adware for M1 Macs has been recorded.

The malware, based on the adware Pirrit, was specially compiled for Apple’s ARM platform and displays unwanted adverts. First reported to the antivirus platform VirusTotal in December, it was called GoSearch22 and was even signed with a developer certificate from Apple. (Apple has since withdrawn this certificate, so the malware would no longer be executable.)

The fact that the first ARM malware is adware is not really surprising. Adware of this type often disguises itself as a browser extension that the user installs themselves; it then changes the browser settings, shows targeted adverts and sometimes also collects user data. This is obviously a profitable business: the adware is also active on other platforms and is constantly being adapted.

It’s very unlikely that this is the only M1 malware. Researchers at Red Canary tell Wired that they are investigating a second possibility, and malware authors in general have clearly started work on porting their malware.

Wardle sees it as worrying that current antivirus software and monitoring tools still have problems analysing the ARM version of the malware.

As usual with apps for Apple’s platform, the adware consists of an Intel and an ARM version. Wardle checked the files individually in a test with the VirusTotal platform, and while most virus scanners would have had no problem recognising the Intel version, he said, the detection rate for the ARM version fell by 15%.
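The following is an added example, not code from the article or from Wardle: a defender-side sketch of how the Intel and ARM versions inside one universal (fat) Mach-O file can be located and hashed separately, so that each can be checked on its own. It assumes the standard fat header layout from Apple's `<mach-o/fat.h>`; the function names and the two-slice sample are constructed for illustration.

```python
import hashlib
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}  # values from <mach/machine.h>

def list_slices(data):
    """Return [(arch, offset, size, sha256)] for each slice of a universal binary."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)  # fat headers are big-endian
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a universal (fat) Mach-O file")
    # Java class files share 0xCAFEBABE; an implausible slice count is the usual tell.
    if count == 0 or count > 32:
        raise ValueError("implausible slice count %d" % count)
    # fat_arch: cputype, cpusubtype, offset, size, align (64-bit variant adds reserved)
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    entry = struct.calcsize(fmt)
    slices = []
    for i in range(count):
        pos = 8 + i * entry
        if pos + entry > len(data):
            raise ValueError("truncated fat_arch table")
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, pos)[:4]
        if offset + size > len(data):
            raise ValueError("slice %d extends past end of file" % i)
        digest = hashlib.sha256(data[offset:offset + size]).hexdigest()
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size, digest))
    return slices

def build_sample():
    """Constructed two-slice file: placeholder payloads, not real Mach-O code."""
    x86 = b"\xcf\xfa\xed\xfe" + b"intel-slice"
    arm = b"\xcf\xfa\xed\xfe" + b"arm-slice"
    first = 8 + 2 * 20  # header plus two 20-byte fat_arch entries
    out = struct.pack(">II", FAT_MAGIC, 2)
    out += struct.pack(">IIIII", 0x01000007, 3, first, len(x86), 0)
    out += struct.pack(">IIIII", 0x0100000C, 0, first + len(x86), len(arm), 0)
    return out + x86 + arm

if __name__ == "__main__":
    for arch, offset, size, digest in list_slices(build_sample()):
        print(arch, offset, size, digest)
```

Each slice gets its own SHA-256, which is what allows the two versions to be looked up or submitted to a scanner independently rather than as one combined file.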

Our view

The first malware on Apple’s new platform is adware – that’s no surprise. Apple’s new computers are very safe, but the user is not completely safe from adware, and should only install tools or extensions from verified sources.


This article originally appeared on Macwelt. Translation by David Price.
