Correct, the information here is that it took 3 months to develop a vulnerability since available for public purchase.
This isn't a "vulnerability".

Malware is software that in some way or other harms the user. But that doesn't mean that it had to exploit some technical flaw to get onto the user's computer. A browser extension like this one is intentionally installed by the user.
 
Not sure what people are trying to prove in these comments. The fact that there is native malware for the M1 has little to nothing to do with the security of the instruction set or chip, as this malware is (so far) not exploiting any vulnerability in the instruction set or chip. It, like the vast majority of malware, is exploiting the weak link, us, and to an extent the security of the OS. Now, further down the road we may see malware taking advantage of chip or instruction set vulns, but even in x86/64 they are pretty darn rare as they are usually rather challenging to exploit.
 
I’m glad to see new malware being adapted to run natively on M1. It happens fast too. M1 Mac isn’t even a whole year old yet.
Can’t wait to see more advanced malware that eventually requires zero user interaction, lethal, stealthy and powerful.
Yes. It sounds like I love my Mac to get infected. No. I too want my Mac free of virus and malware. But I appreciate hackers' hard work to continue to make Mac and macOS not “immune from malware or virus”. I hate this narrative.
 


Malware specifically tailored to run on Apple's M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.

Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware has started to be adapted and recompiled to run natively on the M1 chip.

Wardle discovered the first known native M1 malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the M1.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but collects user data and serves a large number of ads such as banners and popups, including some that link to malicious websites to proliferate more malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.

Wardle notes that since malware for the M1 is still at an early stage, antivirus scanners are not detecting it as easily as x86 versions and defensive tools like antivirus engines are struggling to process the amended files. The signatures used to detect threats from malware on the M1 chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available.

Researchers from security company Red Canary told Wired that other types of native M1 malware, distinct from Wardle's findings, have also been found and are being investigated.

Only the MacBook Pro, MacBook Air, and Mac mini have Apple silicon chips at this time, but the technology is expected to expand across the Mac lineup over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips like the M1 in the near future, it was somewhat inevitable that malware developers would eventually start to target Apple's new machines.

While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.

See Wardle's full report for more information about the first M1-native malware.

Article Link: First Malware Running Natively on M1 Chip Discovered
Bit of a non-story really. Of course malware exists for the M1 like it does for virtually every platform/every chip. The fact it is a new chip makes malware more likely, as you only respond to unknown threats on any given chip/platform when they occur. Obviously you try to make provision, but that is impossible to make perfect for every company, especially in the first form of a new chip.
 
Ugh, and people keep saying "macOS is running just fine" when they want to open iOS up. No, anyone using a computer will tell you these are not "running just fine". Major companies are STILL getting malware and sometimes it's all because of just one single email.
 
Or just be careful what you install. Don’t be like my mother and click every pop up that appears.
Sometimes that doesn't matter. You can browse a completely legitimate website and get malware from a malicious ad on it. I don't like to ad-block when I can (which is why I pay MacRumors for the ad-free experience). But it is really becoming a necessity to even be secure.
 
The best way to make something such as software secure is to open it up, such that a community can identify, report and fix the vulnerability. macOS is built on FreeBSD lite which is open source code and with the support of the open source community we have come a long way. Compare this to Windows.

Apple clearly sees the value in it hence it has a bug bounty.
I don't think that is what the poster meant by "opening up".

But yes I am all for open-source software. I am working on a game that I plan to sell and with it, you can get the source code. So I guess this is "semi" open source. It is more of an educational game anyway so it works out that way.
 
There are a lot of dumb users who click on prompts without reading them first. I don’t have an antivirus actively running on my Mac, and it doesn’t get infected.
Careful. Sometimes there is open source software that comes highly recommended in the tech industry that has pages with dozens of download now buttons. Sometimes it is tricky knowing which of the 12 is the correct "Download" button you should click.
 
If you're click happy your chances are greater? Correct? Changing browsers would probably be a good decision.
Sad that people choose to go down this road.
 
There is so much unnecessary panic in these threads. Computer security is a cat and mouse game and there’s no such thing as a 100% secure system.

Apple has a check that runs before you boot into the OS that checks against known malware and disables it, it’s called XProtect. Those security updates that come out also update XProtect.

There's always a chance you’re one of the first to catch something but that’s where common sense computing (like don’t randomly install crap you know nothing about) comes into play.
I guess you've never been subject to malicious ads before. Or a simple typo when going to a URL. I wanted to install FileZilla a few years ago and one typo in the URL caused major issues for me. And I did not download a thing, but there are security exploits that don't always require user interaction.

A friend of mine asked me recently why I always google where I want to go when I know the URL. This is why.
 
The definition of “popular” is a far stretch. Windows is simply easily available, may it be via OEM or individually purchased license, unlike macOS other than having the technical know-how to install it on a hackintosh with limited driver support. Windows can be obtained via questionable sources and can be run on most affordable hardware via a sum of its parts or a package, which can be done with Mac to a very very limited and deep pocket degree.

If the playing field was levelled it may tell a different story.
I think you misconstrued my use of "popular" with "better."

Popular in the sense that Windows is the most commonly used (computer/laptop) operating system. For all the reasons you listed Windows is more popular (not saying it's better, just that it's used more).
 
Careful. Sometimes there is open source software that comes highly recommended in the tech industry that has pages with dozens of download now buttons. Sometimes it is tricky knowing which of the 12 is the correct "Download" button you should click.
Very true. Usually from those websites loaded with ads.
 
ARM architecture isn't new and doesn't automatically make it safe. The vulnerability is macOS on ARM is new, so buggy that it'll be a target of vulnerability attacks.
It's a Safari extension that you need to install manually. The only difference to a "normal" extension is that it was written by someone with malicious intent. No vulnerability needed.
 
Question 1: Was there an x86 version of the malware?
Question 2: If yes, did the x86 version run using Rosetta?
Question 3: If yes, does having an ARM version make any difference?
 