"Malware Is Now Targeting Apple's New M1 Processor"

Hackers are increasingly targeting Apple computers, with adware and ransomware being tailored to Macs, and attackers stepping up their efforts to evade Apple's latest defenses. Malware authors are already targeting Apple's new ARM-based M1 processors released in November 2020 for the MacBook Pro, MacBook Air, and Mac Mini. Mac security researcher Patrick Wardle has published a report detailing findings of a Safari adware extension, originally made for Intel x86 chips, that has now been updated to run on the new M1 processor. The malicious extension called GoSearch22 is a member of Pirrit, one of the most active, oldest, and continually evolving Mac adware families. The adware sample poses as a legitimate Safari browser extension while it collects user data and serves illicit ads such as banners and popups that redirect users to other malicious sites. The malicious Safari extension has anti-analysis features, including logic to circumvent debugging tools. The ARM-M1 version of the adware is also harder for certain defensive tools like antivirus engines to detect than the Intel x86 version despite the code being logically identical. According to Wardle, the adware was signed with an Apple developer ID in November, but it has since been revoked by Apple. Researchers from the security firm Red Canary have also reported their discovery and investigation of native M1 malware that appears to be different from Wardle's findings. These discoveries show that malware authors will continue to evolve and adapt as advancements in Apple's hardware and software occur. The native M1 malware that researchers have discovered does not seem to be a highly dangerous threat in itself, but its emergence does indicate that there is more to come, calling on the advancement of detection tools. This article continues to discuss researchers' discoveries of new malware strains targeting Apple's new M1 processor. 

Wired reports "Malware Is Now Targeting Apple's New M1 Processor"