In the "Objective-See" blog I found a post that should interest everyone who uses an M1 Mac with the new Apple Silicon instead of an Intel processor: the first native malware for the M1 chip now appears to exist. Fittingly, the blog post carries the punning title "Arm'd & Dangerous - malicious code, now native on apple silicon". I have compiled the details on the topic for you below.
New Apple computers do not run on an Intel chip, but on Apple's own SoC (System on a Chip). This combination of processor (CPU), graphics processor (GPU), neural engine, secure enclave and the like is, in its first generation, known as the M1 chip. It implements the arm64 (AArch64) Instruction Set Architecture (ISA). And this is exactly what the new malware targets: it was explicitly built as an arm64 binary for macOS, and thus probably represents the first official malware for the new Apple computers.
In particular, the Objective-See blog post mentioned above names the malware or adware "GoSearch22", which was smuggled onto Apple's new M1 computers via the Mac App Store. The corresponding certificate that Apple's store apps receive has already been revoked and the infected app has been removed from the store. However, the research method used to find GoSearch22 (see below) shows that some users or their computers have already been infected with it. But that's not all: the code was created as a multi-platform solution, so it can also run on Intel Macs.
The blog post at Objective-See comes from Patrick Wardle, who was actively looking for malware created specifically for the MacBook Pro, MacBook Air and Mac Mini from November 2020. To do this, he used a tool that catalogs malware already known to and detected by antivirus programs. In addition to a search filter for at least two previous reports, he specifically looked for 64-bit ARM code in the Mach-O format. Wardle also looked for signed software (tag: signed) to track down store apps.
There were a total of 255 hits, but only because iOS and iPadOS apps naturally also match the search filters mentioned: Apple's own SoCs in mobile devices are likewise ARM chips based on a 64-bit architecture. After all mobile apps had been sorted out and it had been established which hits were intended for the Mac, only the GoSearch22 malware remained. If you are interested in the whole approach and are not averse to the English language, I recommend reading the entire post from 14.02.2021 on the Objective-See blog.
One could quickly conclude that there is very little malware for the new M1 Macs (apparently only one known piece of malware) and that these computers are therefore particularly safe. But that's not entirely true. Thanks to Rosetta 2, Apple's own translation layer for x86_64 apps built for Intel chips, code that was actually made for older Macs can of course also be "translated". That is why apps and tools that were built for the Intel architecture rather than natively for Apple Silicon also work on the new computers. This applies not only to benign programs but also to those that are up to no good. So stay vigilant ;)
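As an added example (not code from Objective-See or from this post), the following Python sketch reads the Mach-O header fields that the search described above filters on and reports whether a file is native arm64, Intel-only (and therefore run through Rosetta 2 on an M1), or a multi-platform universal binary. The function names are hypothetical and the byte strings at the end are constructed headers, not real samples.

```python
import struct

# CPU type constants from Apple's <mach/machine.h>
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "<", b"\xce\xfa\xed\xfe": "<",
               b"\xfe\xed\xfa\xcf": ">", b"\xfe\xed\xfa\xce": ">"}
FAT_MAGIC, FAT_MAGIC_64 = b"\xca\xfe\xba\xbe", b"\xca\xfe\xba\xbf"


def macho_archs(data: bytes) -> list[str]:
    """Return the CPU architectures in a Mach-O image, [] if not Mach-O."""
    if len(data) < 8:
        return []
    magic = data[:4]
    if magic in THIN_MAGICS:                      # single-architecture file
        (cputype,) = struct.unpack_from(THIN_MAGICS[magic] + "I", data, 4)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        return []
    (count,) = struct.unpack_from(">I", data, 4)  # fat headers are big-endian
    # Java .class files share 0xCAFEBABE; their major version (>= 45) sits here.
    if count == 0 or count >= 45:
        return []
    entry = 20 if magic == FAT_MAGIC else 32      # fat_arch vs fat_arch_64
    if len(data) < 8 + count * entry:
        return []                                 # truncated slice table
    cputypes = [struct.unpack_from(">I", data, 8 + i * entry)[0] for i in range(count)]
    return [CPU_NAMES.get(c, hex(c)) for c in cputypes]


def triage(data: bytes) -> str:
    """Classify how a sample would execute on an M1 Mac."""
    archs = set(macho_archs(data))
    if "arm64" in archs and "x86_64" in archs:
        return "universal: native on Apple silicon and Intel"
    if "arm64" in archs:
        return "native arm64"
    if "x86_64" in archs:
        return "Intel only: runs on M1 through Rosetta 2"
    return "not a 64-bit macOS Mach-O"


# Constructed sample headers (not real malware): a two-slice fat binary,
# a thin x86_64 Mach-O header, and the first bytes of a Java 8 class file.
FAT = struct.pack(">2I5I5I", 0xCAFEBABE, 2, 0x01000007, 3, 0x4000, 0x1000, 14,
                  0x0100000C, 0, 0x8000, 0x1000, 14)
THIN_X86 = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 0, 0, 0, 0)
JAVA = struct.pack(">IHH", 0xCAFEBABE, 0, 52)
```

An arm64 result alone does not separate Mac software from iOS and iPadOS apps, which is why the hits in the search above still had to be sorted by platform.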
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.