In the "Objective-See" blog I found a post that should interest everyone who uses an M1 Mac with the new Apple Silicon instead of an Intel processor: the first native malware for the M1 chip now appears to be available. Fittingly, the title of the blog post is the pun "Arm'd & Dangerous - malicious code, now native on apple silicon". I have compiled details on the topic for you in German below.
Background to M1 malware, the malware for new Macs
New Apple computers no longer run on an Intel chip but on Apple's own SoC (System on a Chip). This combination of processor (CPU), graphics processor (GPU), neural engine, secure enclave and the like is currently in its first generation, known as the M1 chip. It implements the so-called arm64 (AArch64) Instruction Set Architecture (ISA). And this is exactly what the new malware targets: it was explicitly compiled as an arm64 binary for macOS, and thus probably represents the first officially documented malware for the new Apple computers.
Specifically, the Objective-See blog post mentioned above names the malware, or rather adware, "GoSearch22", which reached new Apple M1 computers via the Mac App Store. The corresponding certificate that Apple Store apps receive has already been revoked, and the infected app has been removed from the store. However, the research method used to find GoSearch22 (see below) shows that some users, or rather their computers, have already been infected with it. And that's not all: the code was built as a multi-platform solution, so it can also run on Intel Macs.
How Patrick Wardle found the M1 malware
The blog post at Objective-See comes from Patrick Wardle, who was actively looking for malware created specifically for the MacBook Pro, MacBook Air and Mac mini released in November 2020. To do this, he used a service that catalogs malware already known to and detected by antivirus programs. In addition to a search filter for at least two prior detection reports, he specifically looked for 64-bit ARM code in the Mach-O format. Wardle also filtered for certified software (tag: signed) in order to track down store apps.
There were a total of 255 hits, but only because iOS and iPadOS apps naturally also appear in the search results with the filters mentioned: Apple's own SoCs in mobile devices are also ARM chips based on a 64-bit architecture. So after all mobile apps had been sorted out and it was verified which hits were intended for the Apple Mac, only the GoSearch22 malware remained. If you are interested in the whole approach and are not averse to the English language, I recommend reading the entire post from 14.02.2021 on the Objective-See blog.
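Wardle's search filtered for 64-bit ARM Mach-O binaries, and GoSearch22 was built as multi-platform code. As an added example (not from the original post or from Objective-See), the following Python snippet parses the header of a Mach-O file and reports which architecture slices it contains, so you can check whether a binary on your own Mac carries native arm64 code; the sample header bytes are constructed for the demonstration, not taken from the malware.

```python
import struct

# Magic numbers and CPU types from <mach-o/loader.h>, <mach-o/fat.h>, <mach/machine.h>
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O header, read in the file's own byte order
MH_CIGAM_64 = 0xCFFAEDFE   # same header seen from the opposite byte order
FAT_MAGIC = 0xCAFEBABE     # universal ("fat") binary, always big-endian
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def macho_architectures(data: bytes) -> list:
    """Return the CPU architectures a 64-bit Mach-O or universal binary contains."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        # fat_header: magic, nfat_arch; followed by nfat_arch fat_arch records
        # (cputype, cpusubtype, offset, size, align), all big-endian uint32
        nfat = struct.unpack(">I", data[4:8])[0]
        archs = []
        for i in range(nfat):
            rec = data[8 + 20 * i: 28 + 20 * i]
            cputype, _sub, offset, size, _align = struct.unpack(">IIIII", rec)
            if offset + size > len(data):   # reject a malformed slice table
                raise ValueError("fat_arch slice lies outside the file")
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    if magic == MH_CIGAM_64:          # bytes cf fa ed fe: little-endian header
        cputype = struct.unpack("<I", data[4:8])[0]
    elif magic == MH_MAGIC_64:        # big-endian header (rare)
        cputype = struct.unpack(">I", data[4:8])[0]
    else:
        raise ValueError("not a 64-bit Mach-O or universal binary")
    return [CPU_NAMES.get(cputype, hex(cputype))]


def is_native_arm64(data: bytes) -> bool:
    """True if the binary can run natively on Apple Silicon, i.e. has an arm64 slice."""
    return "arm64" in macho_architectures(data)


# Constructed sample headers (not real malware): a universal binary carrying an
# x86_64 and an arm64 slice, plus thin arm64-only and x86_64-only Mach-O headers.
SAMPLE_UNIVERSAL = (
    struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0x1000, 0x100, 12)
    + struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0x2000, 0x100, 14)
    + b"\0" * 0x2100
)
SAMPLE_ARM64_THIN = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 0, 0, 0, 0)
SAMPLE_X86_64_THIN = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_X86_64, 3, 2, 0, 0, 0, 0)
```

To inspect a real file, pass `open(path, "rb").read()` to `macho_architectures`; the result matches what `file` or `lipo -archs` reports for the same binary.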
Will old malware also run on my new Mac?
Now one could quickly conclude that there is very little malware for the new M1 Macs (apparently only one known piece of malware) and that these computers are therefore particularly secure. But that's not entirely true. Thanks to Rosetta 2, Apple's own emulator for x86_64 apps built for Intel chips, code that was actually made for older Macs can of course also be "translated". That's why apps and tools that aren't built natively for Apple Silicon but for the Intel architecture also work on the new computers. In addition to benign programs, this also applies to those with malicious intent. So stay alert ;)
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. He then decided to research and write, which led him into self-employment. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.