The other day, a second malware was discovered that runs natively on a Mac with an M1 chip, but Apple is reportedly taking steps to prevent further spread.
In response to this incident, Apple has told MacRumors that it has revoked the certificate of the developer account for signing the package and prevented other Macs from being infected anymore. Apple has also stated that Red Canary has repeatedly found no evidence that the malware delivered a malicious payload to infected Macs.
Apple has a Notarization system for apps distributed outside the App Store (so-called stray apps). This requires developers to submit their apps to Apple and notarize them for malicious content and code. An unnotarized app is blocked by the macOS security mechanism Gatekeeper and cannot be started, and if the developer account certificate is revoked, it can be prevented from starting after the fact.
The notarization system started with macOS Mojave 10.14.5 in May 2019, and the requirements have been tightened since February 2020 after the grace period has been set.
By the way, as a side effect, when the Mac application starts, it goes to the notary server to check, so when the load is concentrated on the server, it takes an abnormally long time to start the application, or it can not be started at all. There is.
Some studies have shown that while malware that runs natively on the M1 Mac can be easily created by simply compiling an existing one, most antivirus software has not been able to detect it. We hope that the notarization system and Gatekeeper will contain any threat to the M1 Mac (and future Apple silicon-powered models).
Rachel Maga is a technology journalist currently working at Globe Live Media agency. She has been in the Technology Journalism field for over 5 years now. Her life’s biggest milestone is the inside tour of Tesla Industries, which was gifted to her by the legend Elon Musk himself.