Cybercriminals Unleashing Malware for Apple M1 Chip
Apple Macs are becoming more popular in the workplace, and the number of malware variants targeting macOS is growing with them. The M1, Apple's new system-on-a-chip, has already produced a generation of macOS-specific malware that anti-malware tools, threat hunters, and researchers must quickly learn to recognize and, eventually, counter. Historically, most macOS malware has been ported from Windows variants. But as employees set up home offices during the pandemic's shift to work from home, more Macs entered corporate environments, making them a more valuable target for attackers focused on enterprises.

Apple's new ARM64-based processor, the M1, has already seen malware compiled specifically for it, according to Mac security specialist Patrick Wardle. "As attackers evolve and change their ways, we as malware analysts and security researchers need to stay abreast of that as well." In 2020, roughly half of all macOS malware, from adware to nation-state attack code, appears to have been ported from Windows or Linux.

The M1 offers faster and more efficient processing and graphics and better battery life, and now ships in Apple's new Macs and the iPad Pro. It also has several new built-in security mechanisms, including one that hardens the computer against remote exploitation and another that protects against attackers with physical access.

According to a recent Malwarebytes report, Windows malware detections among business users are down 24%, while Mac malware detections are up 31%. In his research, Wardle split the binaries of macOS malware samples into two categories, one for Intel-based Macs and the other for M1-based Macs, and found that anti-malware engines detected the Intel builds more reliably than the M1 builds, even though the two are "logically the same."

For the M1 variant, detection rates were roughly 10% lower. That is a clue, he says, that existing antivirus signatures mostly cover the Intel build of the macOS malware rather than the M1 build: the same source compiled for a different instruction set produces different bytes, so a byte-level signature written against one build does not match the other. Because static analysis alone can miss a recompiled binary, detection should also rely on behavior-based techniques.
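To make the "logically the same, but not the same bytes" point concrete, the following added example (written for this page, not Wardle's or any vendor's code) parses a universal (fat) Mach-O header, splits it into its x86_64 and arm64 slices, hashes each slice separately, and checks a hash-based "signature" that was written against the Intel slice only. The universal binary it operates on is constructed inline from two stub Mach-O headers with made-up payload bytes; it is not a real malware sample, and the signature is a plain SHA-256 of the slice rather than any vendor's signature format.

```python
import hashlib
import struct

# Mach-O constants (from <mach-o/fat.h> and <mach/machine.h>).
FAT_MAGIC = 0xCAFEBABE        # universal ("fat") header, always big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF      # thin 64-bit Mach-O header, little-endian on disk
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def parse_slices(data: bytes):
    """Split a Mach-O file into its per-architecture slices.

    Returns a list of (arch_name, offset, size, sha256_hex). A thin Mach-O is
    reported as a single slice spanning the whole file."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    (magic_be,) = struct.unpack(">I", data[:4])
    if magic_be == FAT_MAGIC:
        (nfat,) = struct.unpack(">I", data[4:8])
        slices = []
        for i in range(nfat):
            entry = data[8 + 20 * i : 28 + 20 * i]
            cputype, _cpusubtype, offset, size, _align = struct.unpack(">IIIII", entry)
            blob = data[offset : offset + size]
            if len(blob) != size:
                raise ValueError(f"slice {i} runs past end of file")
            slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size,
                           hashlib.sha256(blob).hexdigest()))
        return slices
    (magic_le,) = struct.unpack("<I", data[:4])
    if magic_le == MH_MAGIC_64:
        (cputype,) = struct.unpack("<I", data[4:8])
        return [(CPU_NAMES.get(cputype, hex(cputype)), 0, len(data),
                 hashlib.sha256(data).hexdigest())]
    raise ValueError("not a fat or 64-bit Mach-O file")


def match_signature(data: bytes, slice_sha256: str):
    """Return the architectures whose slice hash equals a known-bad slice hash."""
    return [arch for arch, _off, _size, digest in parse_slices(data) if digest == slice_sha256]


# --- Constructed sample input (stub headers + made-up payloads, not real malware) ---

def fake_thin_macho(cputype: int, payload: bytes) -> bytes:
    """A minimal mach_header_64 (filetype 2 = MH_EXECUTE) followed by a payload."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0) + payload


def build_fat(thin_slices):
    """Assemble a universal binary from (cputype, bytes) pairs, 8-byte aligned."""
    offset = (8 + 20 * len(thin_slices) + 7) & ~7
    entries, placed = [], []
    for cputype, blob in thin_slices:
        entries.append(struct.pack(">IIIII", cputype, 0, offset, len(blob), 3))
        placed.append((offset, blob))
        offset = (offset + len(blob) + 7) & ~7
    out = bytearray(offset)
    out[0:8] = struct.pack(">II", FAT_MAGIC, len(thin_slices))
    out[8:8 + 20 * len(entries)] = b"".join(entries)
    for off, blob in placed:
        out[off:off + len(blob)] = blob
    return bytes(out)


# Same "logic" for both builds, different machine code: stand-ins for what a
# compiler emits for one source file targeting two ISAs (prologue bytes + label).
X86_SLICE = fake_thin_macho(CPU_TYPE_X86_64, b"\x55\x48\x89\xe5 x86_64 build of the adware")
ARM64_SLICE = fake_thin_macho(CPU_TYPE_ARM64, b"\xfd\x7b\xbf\xa9 arm64 build of the adware")
UNIVERSAL = build_fat([(CPU_TYPE_X86_64, X86_SLICE), (CPU_TYPE_ARM64, ARM64_SLICE)])

# A hash-based "AV signature" written against the Intel slice only.
SIG_X86 = hashlib.sha256(X86_SLICE).hexdigest()

if __name__ == "__main__":
    for arch, off, size, digest in parse_slices(UNIVERSAL):
        print(f"{arch:7} offset={off:4} size={size:4} sha256={digest[:16]}...")
    print("Intel-only signature matches:", match_signature(UNIVERSAL, SIG_X86))
```

The Intel-only signature matches the x86_64 slice and nothing else, which is the gap Wardle measured: the arm64 slice of the same program is simply a different set of bytes. On a real Mac the same split can be done with `lipo -archs <binary>` to list the slices and `lipo -thin arm64 <binary> -output <out>` to extract one, and the practical takeaway for hunters is to hash, scan, and submit each slice separately rather than treating the universal file as one object.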

It is a matter of adapting malware analysts' and threat hunters' skills to the new Apple silicon, he says. With reverse-engineering skills and a working knowledge of the ARM64 instruction set, he says he wants to "empower Mac analysts, red teams, and everyone in cybersecurity." Wardle says, "The M1 system actually does significantly improve security at the hardware level, but it's transparent to the everyday user."

Malware Affecting Apple’s New M1 Chip Detected by Researchers
Mac malware has long been less common than its Windows equivalents, but attacks on Apple computers have become more prevalent in the last few years. There is adware and even malware customized for the Mac, and attackers keep trying to bypass Apple's newer protections. Now malware compiled to run natively on Apple's M1 ARM processors, launched in November 2020 for the MacBook Pro, MacBook Air, and Mac mini, has made its debut.

Apple's M1 chip marks a departure from the Intel x86 architecture Apple moved to in 2005, and it gives Apple the chance to bake some Mac security safeguards and functionality directly into its processors. The transition lets developers build software that runs "natively" on the M1 rather than being translated through Apple's Rosetta 2 compatibility layer.

According to a blog post published on February 14 by Mac security researcher Patrick Wardle, a Safari adware extension originally written for Intel x86 chips has been recompiled to run natively on the new M1 chips. The malicious GoSearch22 extension belongs to the Pirrit Mac adware family, according to Wardle.

Researchers at Red Canary have written about another strain of M1-native malware, Silver Sparrow, which is distinct from the Pirrit sample Wardle analyzed. Although Silver Sparrow has not yet delivered a malicious payload, the Red Canary researchers confirmed that it is capable of doing so at any time. Based on data Malwarebytes provided to Red Canary, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, with the highest detection volumes in the United States, the United Kingdom, Canada, France, and Germany.

Kevin Dunne, president of Greenlight, noted that it took malware developers only about three months after the M1's launch to adapt their code to the chip. Although the malware's footprint is minimal for now, Dunne said it will likely grow over time to exploit more attack vectors.

“Once bad actors have control of the physical device, they can use that device as an access point to the networks that machine is connected to, either physically or via VPN,” Dunne said. “This reinforces the need for additional protection at the application layer, to constantly assess activity within those applications for unusual behaviour and mitigate potential risks in real time.”

Jon Gulley, an application security tester at nVisium, added that malware authors and sellers are becoming as sophisticated in how they build and market their tools as legitimate businesses are.

For now, researchers have found that the native M1 malware does not appear to be an especially dangerous threat. However, the arrival of these new strains is a sign of what is coming and of the need for detection tooling to close the gap.