Patrick Wardle is a legend in the Apple ecosystem, and one of the best independent security researchers out there.

Not long ago, he sang Apple’s praises for the security of their M1 processor.

More recently however, he made a rather disturbing discovery, finding malware in the wild that specifically targets the new chip.

Wardle had this to say about the matter:

“Today we confirmed that malicious adversaries are indeed crafting multi-architecture applications, so that their code will natively run on M1 systems. The malicious GoSearch22 application may be the first example of such natively M1 compatible code.

The creation of such applications is notable for two main reasons. First (and unsurprisingly), this illustrates that malicious code continues to evolve in direct response to both hardware and software changes coming out of Cupertino.

There are a myriad of [sic] benefits to natively distributing native arm64 binaries, so why would malware authors resist? Secondly, and more worrisomely, (static) analysis tools or anti-virus engines may struggle [to detect this].”

Unfortunately, a number of antivirus solutions that detect this malware on Intel machines are unable to spot the Apple Silicon M1 variant. If there’s a silver lining, it lies in the fact that Apple moved quickly and revoked the developer’s certificate. One consequence of that revocation is that Wardle was unable to determine whether the binary had been notarized, but either way, the bottom line is that macOS users were infected by the strain.

All that to say: if you own an M1, you will definitely benefit from the processor’s improved security. It is not, however, a free pass. Malware authors have already shipped code that runs natively on the new chip and slips past scanners that only know the Intel build, and where there’s one, you can bet more will follow, so don’t let your guard down.
