The first malware for MacBooks with the Apple M1 chip has appeared. Is it worth panicking?


The well-known Mac security specialist Patrick Wardle has reported the discovery of GoSearch22, a malicious Safari extension that intrusively displays unwanted ads. It belongs to the Pirrit family of Mac malware and extensions. The extension, originally developed for Intel Macs, has been ported to Apple Silicon and has already appeared on Macs with the M1 chip. In addition, Red Canary, which specializes in computer security, told Wired that it had discovered another sample of malware written for Apple Silicon, distinct from GoSearch22. How many more viruses and other malware exist for M1 Macs besides these two is not yet known. How dangerous is this find and, most importantly, how should you deal with it?

Macs with the M1 did not stay "clean" for long

The first virus for Macs with the M1

Technically, this is not a virus but a malicious extension. GoSearch22 was added to the database of the VirusTotal antivirus platform in December last year. On Intel Macs, antivirus software warned about the extension, but on M1 Macs it continued to load until very recently, because antivirus products did not understand Apple Silicon executable code and could not warn of the danger. Patrick Wardle reported the results of his research to Apple, whose specialists' responses pleasantly surprised him.
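A scanner can only warn about Apple Silicon code if it first notices that a file contains any. The following added example (not code from the original article or from any researcher or product it mentions) reads the Mach-O header of a file and lists the CPU architectures it carries, so that universal or arm64-only binaries can be routed to engines that understand arm64. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Mach-O constants from <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>.
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {7: "i386", 7 | CPU_ARCH_ABI64: "x86_64",
             12: "arm", 12 | CPU_ARCH_ABI64: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF}   # MH_MAGIC, MH_MAGIC_64
MAX_SLICES = 30  # Java .class files share 0xCAFEBABE; their "count" is >= 45


def macho_archs(data):
    """Return CPU architecture names in a thin or universal Mach-O, [] otherwise."""
    if len(data) < 8:
        return []
    magic_be, count = struct.unpack_from(">II", data, 0)
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        entry = 20 if magic_be == FAT_MAGIC else 32   # sizeof fat_arch / fat_arch_64
        if not 0 < count <= MAX_SLICES or 8 + count * entry > len(data):
            return []
        # cputype is the first big-endian 32-bit field of every entry
        types = [struct.unpack_from(">I", data, 8 + i * entry)[0] for i in range(count)]
        return [CPU_NAMES.get(t, hex(t)) for t in types]
    for endian in ("<", ">"):   # thin headers are stored in the target's byte order
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in THIN_MAGICS:
            return [CPU_NAMES.get(cputype, hex(cputype))]
    return []


def has_native_arm64(data):
    """True when the file carries code that runs natively on Apple Silicon."""
    return "arm64" in macho_archs(data)


# Constructed sample headers (no real binary content follows them).
def _fat_entry(cputype, offset):
    return struct.pack(">5I", cputype, 0, offset, 0x1000, 14)

SAMPLE_UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
                    + _fat_entry(0x01000007, 0x4000) + _fat_entry(0x0100000C, 0x8000))
SAMPLE_INTEL_ONLY = struct.pack("<II", 0xFEEDFACF, 0x01000007) + bytes(24)
SAMPLE_JAVA_CLASS = bytes.fromhex("cafebabe00000034") + bytes(24)

if __name__ == "__main__":
    for name, blob in [("universal", SAMPLE_UNIVERSAL), ("intel", SAMPLE_INTEL_ONLY),
                       ("class", SAMPLE_JAVA_CLASS)]:
        print(name, macho_archs(blob), has_native_arm64(blob))
```

On a real system, pass the first few kilobytes of the extension's executable to `macho_archs`; a result containing `arm64` means the file should be checked by tooling that has Apple Silicon coverage.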

Is something changing? Perhaps this is just special treatment for him in particular. Someone has already been fired for ignoring information he provided. As expected, the extension was officially signed: on November 23, 2020, with a digital signature tied to a developer ID whose owner's identity has not been disclosed. That developer ID has been blocked, and all software signed with it no longer runs.

Apple has beaten this threat, but how many more will there be?

To get onto Macs, a tactic as old as the world and embarrassingly primitive, yet still effective, was used. The extension with the malicious component was bundled into a very ordinary and fairly attractive Safari extension. According to Patrick Wardle, the code of both the extension itself and its malicious component is written very competently and efficiently. The villains are carefully studying the new architecture.

GoSearch22 collected information about the computer on which the extension was installed and shared it with malicious sites.

The component itself offers nothing fundamentally new; only the ways it gets onto users' computers change. Now a version with "native" code for M1 Macs has been added.

Mac security on the M1

The hardware of M1 Macs and their operating system are considered paranoid because of their increasingly strict and tedious security measures, and all that rigor and those prohibitions are seen as contrived and useless. In fact, it is thanks to this paranoia that malware has a hard time getting into macOS.

One hundred percent protection against viruses and malware can be guaranteed only if the computer is not connected to the network, no new software is ever installed on it and, better still, it is never switched on at all. The more complex and effective the protection, the more interesting it is for malware developers to look for and find loopholes in it. Moreover, their work is very well paid. There is not yet much to say about the emergence of fundamentally new types of malware that exploit not-yet-identified vulnerabilities in Macs with Apple Silicon inside, but it is only a matter of time.

All the same, a Mac with the M1 chip remains the safest. For now

How to protect yourself from malware on a Mac

And what are we to do while the geniuses play this interesting game, for which they are also well paid? The recommendations are boring, expected and have surely already been voiced in our Telegram chat. The security level can be changed, in some cases right in the operating system settings, and from the command line you can disable almost all of the protections (if you know what to disable and how). The stricter and more effective the protection, the more it gets in the way. Sadly, even the strictest settings do not guarantee complete security. Weak security settings guarantee trouble, sooner or later. The choice is the user's.

You may choose not to install antivirus software, but you should at least limit the installation of applications and extensions from dubious sources.

The news that malware not only threatens Macs with Apple Silicon but has actually been found and identified is, of course, not pleasing. But there is something positive in it too. Macs with the new architecture have only just appeared: only three months have passed since their birth, they are still very small, and some of them do not even have fans. They still suffer from the inevitable childhood diseases of anything new, but the smart and cynical authors of malware are, in effect, predicting a brilliant future for these computers. There is nothing else good in this news.
