Native M1 Adware making the rounds

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
5,409
I should say, however, technically it's a browser adware worm. Not an M1 virus.

nvm, the browser component is installed by the virus. I misunderstood. :/
 

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
5,409
> The distinction is that it's built to run natively on M1.
Yeah, after reading further into it, I realized I misunderstood what the virus does and how it's installed.

Don't know if you can say it's built for the M1, though. There are a lot of different aarch64 SoCs out there, and (as long as the supporting libraries are present) a binary for one SoC may be run on another SoC, regardless of who made it or whether it was a laptop, phone, etc.

It was clearly made to run on an Apple device, though, as it was signed with an Apple certificate.
 

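The post above turns on whether a binary is "built for M1" or merely contains an arm64 slice that any aarch64 machine with the right libraries could load. A quick way to settle that for a given file is to read the Mach-O header: a thin arm64 image, a thin x86_64 image, or a universal ("fat") container holding several. The inspector below is an added example written for this thread, not code from any poster or from the adware itself; the header layouts and CPU type constants are from Apple's `mach/machine.h` and `mach-o/loader.h`, and the sample binaries it checks are constructed in memory so it runs offline.

```python
import struct
import sys

# Magic numbers (values from mach-o/loader.h and mach-o/fat.h).
FAT_MAGIC = 0xCAFEBABE      # universal binary header, always big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O header (little-endian for arm64/x86_64)
MH_MAGIC = 0xFEEDFACE       # 32-bit Mach-O header

# CPU types (mach/machine.h); the 0x01000000 bit is CPU_ARCH_ABI64.
CPU_TYPE_X86 = 0x00000007
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM = 0x0000000C
CPU_TYPE_ARM64 = 0x0100000C

CPU_NAMES = {
    CPU_TYPE_X86: "i386",
    CPU_TYPE_X86_64: "x86_64",
    CPU_TYPE_ARM: "arm",
    CPU_TYPE_ARM64: "arm64",
}


def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_architectures(data):
    """Return the list of architecture names contained in a Mach-O or fat image."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O image")
    magic_be = struct.unpack(">I", data[:4])[0]
    magic_le = struct.unpack("<I", data[:4])[0]

    if magic_be == FAT_MAGIC:
        # fat_header: magic, nfat_arch; followed by nfat_arch fat_arch entries
        # of five big-endian uint32s: cputype, cpusubtype, offset, size, align.
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat > 32:
            # Java class files share this magic; a real fat header has a tiny count.
            raise ValueError("implausible fat_arch count, not a universal binary")
        archs = []
        for i in range(nfat):
            off = 8 + i * 20
            cputype = struct.unpack(">IIIII", data[off:off + 20])[0]
            archs.append(cpu_name(cputype))
        return archs

    if magic_le in (MH_MAGIC_64, MH_MAGIC):
        # mach_header(_64): magic, cputype, cpusubtype, filetype, ncmds, ...
        cputype = struct.unpack("<I", data[4:8])[0]
        return [cpu_name(cputype)]

    raise ValueError("not a Mach-O or universal binary")


def runs_natively_on_apple_silicon(data):
    """True if the image carries an arm64 slice (no Rosetta translation needed)."""
    return "arm64" in macho_architectures(data)


# --- constructed sample images (headers only, enough for the parser) ---

def build_thin(cputype, filetype=2):
    # mach_header_64 fields; filetype 2 is MH_EXECUTE. Load commands omitted.
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, filetype, 0, 0, 0, 0)


def build_fat(cputypes):
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    entries = b"".join(struct.pack(">IIIII", ct, 0, 0, 0, 0) for ct in cputypes)
    return header + entries


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: inspect the first page of an on-disk executable.
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read(4096)
    else:
        sample = build_fat([CPU_TYPE_X86_64, CPU_TYPE_ARM64])  # constructed
    print("architectures:", macho_architectures(sample))
    print("native on Apple silicon:", runs_natively_on_apple_silicon(sample))
```

Run it with a path (`python3 macho_arch.py /path/to/binary`) to see which slices an executable ships; an arm64 slice is what the "native M1" label actually means, and by itself says nothing about which vendor's aarch64 hardware could load it.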
sc5mu93

Limp Gawd
Joined
Jul 11, 2018
Messages
439
So has anyone benchmarked said adware on M1 vs x86 to see how much faster and energy efficient it is on M1?
 

Aurelius

2[H]4U
Joined
Mar 22, 2003
Messages
3,123
It's funny to see people pointing out the developer ID as if it's a bad thing... it's the very thing that makes this a non-issue! Apple just had to revoke permissions for it.

Of course, you don't need one of those IDs to write Mac apps. I'm honestly baffled why someone with less than good intentions would attach one to their code.
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
3,613
> It's funny to see people pointing out the developer ID as if it's a bad thing... it's the very thing that makes this a non-issue! Apple just had to revoke permissions for it.
>
> Of course, you don't need one of those IDs to write Mac apps. I'm honestly baffled why someone with less than good intentions would attach one to their code.
The use of a valid appID is what allows it to bypass a lot of the warnings. Try installing an app on a Mac that doesn’t have one and you will get 2-3 pop ups warning you that the developer and the source are untrusted and that you are advised against installing it.
 
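The two posts above describe the mechanism from both sides: a Developer ID signature gets a download past Gatekeeper's "unidentified developer" prompts, and revocation of that ID is what later turns it back into a blocked binary. The macOS tools that expose this are `codesign` (who signed it, under which certificate chain) and `spctl` (whether Gatekeeper currently accepts it). The script below is an added example, not from the thread; it parses the output of `codesign -dv --verbose=4` and `spctl --assess --type execute -vv` into a verdict, using constructed sample output with a placeholder team ID, and only invokes the real tools when run on a Mac.

```python
import platform
import subprocess
import sys


def parse_codesign(text):
    """Turn `codesign -dv --verbose=4` output (it goes to stderr) into a dict."""
    info = {"identifier": None, "team_id": None, "authorities": [], "adhoc": False}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Identifier="):
            info["identifier"] = line.split("=", 1)[1]
        elif line.startswith("TeamIdentifier="):
            info["team_id"] = line.split("=", 1)[1]
        elif line.startswith("Authority="):
            info["authorities"].append(line.split("=", 1)[1])
        elif line.startswith("Signature=") and "adhoc" in line:
            info["adhoc"] = True
    leaf = info["authorities"][0] if info["authorities"] else ""
    # A Developer ID chain is leaf -> "Developer ID Certification Authority" -> "Apple Root CA".
    info["developer_id"] = (
        leaf.startswith("Developer ID Application:")
        and "Apple Root CA" in info["authorities"]
    )
    return info


def parse_spctl(text):
    """Turn `spctl --assess --type execute -vv` output into (accepted, source)."""
    accepted = False
    source = None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line.split("=", 1)[1]
    return accepted, source


def gatekeeper_verdict(codesign_text, spctl_text):
    """Combine both tools into one summary a responder can act on."""
    sig = parse_codesign(codesign_text)
    accepted, source = parse_spctl(spctl_text)
    sig["gatekeeper_accepted"] = accepted
    sig["gatekeeper_source"] = source
    if sig["adhoc"] or not sig["authorities"]:
        sig["summary"] = "unsigned or ad-hoc: Gatekeeper will warn on first launch"
    elif sig["developer_id"] and accepted:
        sig["summary"] = "Developer ID signed and accepted: no warning, check team %s" % sig["team_id"]
    elif sig["developer_id"]:
        sig["summary"] = "Developer ID signed but rejected (revoked or not notarized)"
    else:
        sig["summary"] = "signed by a non-Developer-ID chain"
    return sig


def run_checks(path):
    """Invoke the real tools; only meaningful on macOS."""
    cs = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                        capture_output=True, text=True)
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", path],
                        capture_output=True, text=True)
    return gatekeeper_verdict(cs.stderr, sp.stdout + sp.stderr)


# Constructed sample output in the shape the two tools print; TEAMID0000 is a placeholder.
SAMPLE_CODESIGN = """Executable=/Applications/Sample.app/Contents/MacOS/Sample
Identifier=com.example.sample
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""
SAMPLE_SPCTL_ACCEPTED = """/Applications/Sample.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)
"""
SAMPLE_SPCTL_REJECTED = """/Applications/Sample.app: rejected
source=no usable signature
"""
SAMPLE_ADHOC = """Executable=/tmp/unsigned
Identifier=unsigned
Signature=adhoc
"""

if __name__ == "__main__":
    if len(sys.argv) > 1 and platform.system() == "Darwin":
        print(run_checks(sys.argv[1])["summary"])
    else:
        print(gatekeeper_verdict(SAMPLE_CODESIGN, SAMPLE_SPCTL_ACCEPTED)["summary"])
```

The team identifier is the useful pivot for a defender: once Apple revokes a Developer ID, `spctl` flips to `rejected` for everything signed under that team, so logging the team ID at first sight lets you find other binaries from the same registration later.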

Aurelius

2[H]4U
Joined
Mar 22, 2003
Messages
3,123
> The use of a valid appID is what allows it to bypass a lot of the warnings. Try installing an app on a Mac that doesn’t have one and you will get 2-3 pop ups warning you that the developer and the source are untrusted and that you are advised against installing it.
Oh, that's no doubt the rationale... it just seems short-sighted, like a quick cash grab before the developer gets banned.
 

Lakados

2[H]4U
Joined
Feb 3, 2014
Messages
3,613
> Oh, that's no doubt the rationale... it just seems short-sighted, like a quick cash grab before the developer gets banned.
Probably. All they need to do is make more money with it than the developer registration cost and blam, profit. Then create a new developer ID, rinse and repeat, making minor tweaks along the way until they manage to get a variant out that goes weeks or months without detection, or they close the hole and they start from scratch. Depending on where in the world the developer lives, what would be considered pocket change by us could be a pretty comfortable living.
 