LightBlog

jeudi 18 février 2021

Apple M1 processor faces its first malware in the form of an adware extension

A lot of people might argue that Mac is comparatively safer than Windows. While that is largely true, the past few years have seen a steady increase which has become a cause of concern. A new malware has now been spotted which is said to be the first such malicious piece of software targeting Apple’s new M1 processor.

Making its debut late last year on the new MacBook Pro, MacBook Air, and Mac Mini, the new ARM-based M1 chipset has been praised for offering excellent performance compared to similar chipsets from Intel. The transition to ARM allowed Apple to not only move away from Intel’s x86 architecture from 2005 but also integrate certain security features right onto its processors. This architecture change has forced developers to start making newer versions of their software to run natively on the M1 chipset rather than translating them through Apple’s Rosetta 2 emulator. Unsurprisingly, creators of malware have also adapted to this transition, according to a report by Wired.

A report by Mac security researcher Patrick Wardle explains how malware can be easily adapted and recompiled to run natively on the ‌M1‌ chip. The first M1 malware is apparently a Safari adware extension called “GoSearch22” originally made to run on Intel x86 chips. It is said to be a part of the “Pirrit” Mac adware family which is one of the oldest and most active Mac adware families that constantly changes to evade detection.

The adware disguises itself as a legitimate Safari browser extension. At the same time, it collects user data and induces a large number of ads including banners and popups that link to malicious websites flooded with more malware. It is noteworthy that GoSearch22 was signed with an Apple Developer ID in November 2020, but its certificate has been revoked ever since. Further, Wardle suggests that the malware for the ‌M1‌ is at quite an early stage, and the signatures used to detect threats from malware on the ‌M1‌ chip have not yet been observed for the most part. Thus, it is pointless to use antivirus scanners and defensive tools as most of them are struggling to process the amended files correctly. GoSearch22 is not the only M1 malware as researchers from security company Red Canary suggest that there are more such malicious pieces of software that are currently being investigated.

The post Apple M1 processor faces its first malware in the form of an adware extension appeared first on xda-developers.



from xda-developers https://ift.tt/3ucHzLE
via IFTTT

Aucun commentaire:

Enregistrer un commentaire