The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild.

The discovery was made by security researcher and founder of Objective-See, Patrick Wardle. In a highly detailed deconstruction, Patrick shared how he went about finding the new Apple Silicon-specific malware and why this matters.

As I was working on rebuilding my tools to achieve native M1 compatibility, I pondered the possibility that malware writers were also spending their time in a similar manner. At the end of the day, malware is simply software (albeit malicious), so I figured it would make sense that (eventually) we’d see malware built to execute natively on Apple’s new M1 systems.

Before going off hunting for native M1 malware, we need to answer the question, “How can we determine if a program was compiled natively for M1?” Well, in short, it will contain arm64 code! OK, and how do we ascertain this?

One simple way is via the macOS’s built-in file tool (or lipo -archs). Using this tool, we can examine a binary to see if it contains compiled arm64 code.

Patrick ended up using a free researcher account with VirusTotal to start his hunt. An important step in finding malware truly optimized for Apple Silicon was weeding out universal apps that are actually iOS binaries.

After narrowing things down, Patrick identified “GoSearch22” as an interesting find. After passing a few more checks, Patrick was able to confirm this is malware optimized for M1 Macs.

Hooray, so we’ve succeeded in finding a macOS program containing native M1 (arm64) code …that is detected as malicious! This confirms malware/adware authors are indeed working to ensure their malicious creations are natively compatible with Apple’s latest hardware.

It is also important to note that GoSearch22 was indeed signed with an Apple developer ID (hongsheng yan), on November 23rd, 2020.

Patrick notes that Apple has revoked the certificate at this point so it’s not known if Apple notarized the code.

What we do know is that this binary was detected in the wild (and submitted by a user via an Objective-See tool), so whether it was notarized or not, macOS users were infected.
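The architecture check described above (what file or lipo -archs report) and the step of weeding out iOS binaries can be reproduced off a Mac by reading the Mach-O headers directly. This is an added example, not code from the article or from Objective-See; the function names and the constructed sample bytes are assumptions, and it reads only 64-bit slices and the LC_BUILD_VERSION load command.

```python
import struct

FAT_MAGIC = 0xCAFEBABE        # universal ("fat") header, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF      # thin 64-bit Mach-O, little-endian on x86_64/arm64
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
LC_BUILD_VERSION = 0x32
PLATFORMS = {1: "macos", 2: "ios", 6: "maccatalyst", 7: "iossimulator"}

def thin_info(buf, off=0):
    """Return (arch, platform) for the 64-bit Mach-O image at offset off."""
    magic, cputype, _, _, ncmds = struct.unpack_from("<5I", buf, off)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    platform, pos = "unknown", off + 32          # load commands follow the header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", buf, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd == LC_BUILD_VERSION:              # platform is the third field
            platform = PLATFORMS.get(struct.unpack_from("<I", buf, pos + 8)[0], "other")
        pos += cmdsize
    return CPU_NAMES.get(cputype, hex(cputype)), platform

def slices(buf):
    """List (arch, platform) for every slice of a thin or universal binary."""
    if struct.unpack_from(">I", buf, 0)[0] != FAT_MAGIC:
        return [thin_info(buf)]
    nfat = struct.unpack_from(">I", buf, 4)[0]
    # fat_arch entries are 20 bytes: cputype, cpusubtype, offset, size, align
    return [thin_info(buf, struct.unpack_from(">I", buf, 16 + 20 * i)[0])
            for i in range(nfat)]

def is_native_m1_mac_code(buf):
    """True only if an arm64 slice targets macOS, which excludes iOS builds."""
    return ("arm64", "macos") in slices(buf)

# Constructed sample input: headers only, no real code.
def _thin(cputype, platform):
    cmd = struct.pack("<6I", LC_BUILD_VERSION, 24, platform, 0, 0, 0)
    return struct.pack("<8I", MH_MAGIC_64, cputype, 0, 2, 1, len(cmd), 0, 0) + cmd

def _fat(*images):
    out, off = struct.pack(">2I", FAT_MAGIC, len(images)), 8 + 20 * len(images)
    for img in images:
        cpu = struct.unpack_from("<I", img, 4)[0]
        out += struct.pack(">5I", cpu, 0, off, len(img), 0)
        off += len(img)
    return out + b"".join(images)
MAC_UNIVERSAL = _fat(_thin(0x01000007, 1), _thin(0x0100000C, 1))
IOS_ARM64 = _thin(0x0100000C, 2)
```

For triage, pass the bytes of a sample's main executable to slices(); an arm64 slice whose platform is ios is the kind of binary the hunt had to discard.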