Malware that runs natively on 'Apple M1', the high-performance SoC developed in-house by Apple, is discovered



The SoC 'Apple M1', announced by Apple on November 10, 2020, was developed for macOS, and Apple has touted its high performance, such as 3.5 times the CPU speed and 5 times the graphics processing speed of the conventional product. It is already installed in the MacBook Air and MacBook Pro released in 2020. But a little more than three months after the announcement, on February 17, 2021, Patrick Wardle, a developer of free security tools for the Mac, announced on his blog, 'I found malware that runs natively on the Apple M1.'

Objective-See's Blog
https://objective-see.com/blog/blog_0x62.html

Hackers Are Starting to Code Malware Specifically for Apple's M1 Computers
https://www.vice.com/en/article/v7mnk4/hackers-are-starting-to-code-malware-specifically-for-apples-m1-computers

The malware discovered by Mr. Wardle is a type of adware, and it was included in a Safari extension called 'GoSearch22'. GoSearch22 collects data from browsers and displays pop-ups and banner ads, which have long been reported to be dangerous.

Mr. Wardle found that the updated version of GoSearch22 contained malware that runs natively on the Apple M1. At the time of discovery, the malware is said to serve only financial purposes such as advertising, but he warns that future updates may include more dangerous features.



The malware inspection website VirusTotal identifies this malware as an updated version of OSX.Pirrit. OSX.Pirrit is said to be developed by an advertising technology development company called Targeting Edge, and has been known as malware targeting the Mac since around 2016.

When Mr. Wardle uploaded the malware to VirusTotal and inspected it, he found that it could not be detected by about 15% of the software, so Mr. Wardle said, 'Not all antivirus software has become able to detect this new malware.' Fortunately, Apple has revoked the Targeting Edge development certificate, eliminating the risk of users installing the malware.



in Security, Posted by log1p_kr