Patrick Wardle is one of the best-known security researchers on the macOS platform. He was also the one who discovered that Apple was using macOS Big Sur to circumvent the built-in firewall for its own services. A few weeks after the discovery, the manufacturer closed the loophole again.
Now Wardle went looking for malware that runs natively on M1 Macs, and found it. The application, called GoSearch22, is based on the Pirrit adware. But in contrast to that long-running original, it has a significant advantage for its operator.
The problem: malicious code is not (yet) recognized
Wardle not only identified the code, but also immediately tested whether the usual tools can find it. Despite the logically equivalent binary code, the ARM variant achieved a 15 percent lower detection rate. In addition, a number of antivirus programs that detected the x86 variant without any problems remained blind to the ARM version. That means that, despite the same core, security tools cannot identify the M1-compatible malware.
Malware development keeps pace with Apple
Wardle also demonstrates at length that this really is M1 Mac code and not similar iOS routines. He stresses that this is evidence that malicious code is evolving in direct response to hardware and software changes from Cupertino. The source code was created just a few weeks after Apple’s platform premiere. It is not surprising that its developers took care to (re)compile their software for the ARM platform. This gives them native compatibility with Apple’s latest hardware.