Apple M1-based Macs face malware that disguises as Safari extension and collects user data- Technology News, Firstpost


There was a time when Macs were considered safer than Windows but in the past few years, there has been a steady increase that has become a cause of concern. A new malware has been found that is said to be the first such malicious piece of software that targets Apple’s new M1 processors. The M1 chip made its debut last year on the new Mac Mini, MacBook Air, and MacBook Pro. Compared to Intel’s similar chipset, the new ARM-based M1 chip has been praised for its performance.

macOS Big Sur

Apple had transitioned to ARM from Intel’s x86 architecture in 2005 and integrated certain security features right inside the processor. This change in the chip architecture forced developers to make newer versions of the software to run natively on the M1 chipset instead of translating them through Apple’s Rosetta 2 emulator. But according to Wired reports, malware creators have also adapted to this transition.

According to Mac security researcher Patrick Wardles report, the malware can easily adapt and recompile to run natively on the M1 chipset. The first malware found is called ‘GoSearch22’ which apparently is a Safari adware extension that was originally made to run on the Intel x86 chipset.

The adware disguises itself as a legitimate extension of the Safari browser and simultaneously collects user’s data and induces a large number of ads that also included popups and banners that link to malicious websites flooded with more malware. In November 2020, GoSearch22 was signed with an Apple Developer ID but the certificate got revoked. Wardle further suggests that the malware for the M1 chip is still at an early stage and the signatures used to detect threats have not been observed for the most part, which makes it pointless to use an antivirus scanner as a defensive tool. This isn’t the only M1 malware, as researchers from security company Red Canary suggest that there are more such malicious software pieces that are being investigated right now.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *