Native M1 Adware making the rounds

I should say, however, technically it's a browser adware worm. Not an M1 virus.

nvm, the browser component is installed by the virus. I misunderstood. :/
 
The distinction is that it's built to run natively on M1.
Yeah, after reading further into it, I realized I misunderstood what the virus does and how it's installed.

Don't know if you can say it's built for the M1, though. There are a lot of different aarch64 SoCs out there, and (as long as the supporting libraries are present) a binary for one SoC may be run on another SoC, regardless of who made it or whether it was a laptop, phone, etc.

It was clearly made to run on an Apple device, though, as it was signed with an Apple certificate.
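The "built for M1" question in this exchange comes down to one thing an analyst can check directly: whether the Mach-O file carries an arm64 slice, or only x86_64 (which would run on an M1 Mac under Rosetta rather than natively). The following is an added example, not code from this thread or from any analysis of the adware discussed here; it parses the fat header and thin Mach-O headers with constant values from Apple's `<mach-o/fat.h>` and `<mach-o/loader.h>`, and the sample files it inspects are constructed header-only blobs, not real binaries.

```python
import struct

# Constants from <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC = 0xCAFEBABE        # fat (universal) header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit thin header, written in the target's byte order
MH_MAGIC = 0xFEEDFACE         # 32-bit thin header
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_ARM = 12
CPU_TYPE_X86_64 = CPU_TYPE_X86 | CPU_ARCH_ABI64   # 0x01000007
CPU_TYPE_ARM64 = CPU_TYPE_ARM | CPU_ARCH_ABI64    # 0x0100000C

CPU_NAMES = {
    CPU_TYPE_X86: "i386", CPU_TYPE_X86_64: "x86_64",
    CPU_TYPE_ARM: "arm", CPU_TYPE_ARM64: "arm64",
}


def _thin_cputype(data, offset=0):
    """Return the cputype of the thin Mach-O header at `offset`, accepting either byte order."""
    for fmt in ("<I", ">I"):
        magic = struct.unpack_from(fmt, data, offset)[0]
        if magic in (MH_MAGIC_64, MH_MAGIC):
            return struct.unpack_from(fmt, data, offset + 4)[0]
    raise ValueError("no Mach-O header at offset %d" % offset)


def mach_o_archs(data):
    """List the architectures in a Mach-O file (thin or fat), e.g. ['x86_64', 'arm64']."""
    if len(data) < 8:
        raise ValueError("too short to be Mach-O")
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        archs = []
        for i in range(nfat):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
            cputype, _sub, off, size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
            if off + size > len(data):
                raise ValueError("fat_arch %d points outside the file" % i)
            # Cross-check the fat table against the slice's own header; a mismatch
            # is a sign of a hand-edited or damaged file worth a closer look.
            if _thin_cputype(data, off) != cputype:
                raise ValueError("fat_arch %d cputype disagrees with slice header" % i)
            archs.append(CPU_NAMES.get(cputype, "0x%08x" % cputype))
        return archs
    cputype = _thin_cputype(data)
    return [CPU_NAMES.get(cputype, "0x%08x" % cputype)]


def runs_natively_on_apple_silicon(data):
    """True if the file has an arm64 slice; an x86_64-only file would need Rosetta on an M1 Mac."""
    return "arm64" in mach_o_archs(data)


# Constructed sample inputs (headers only, no code or load commands); not real binaries.
def _thin_header(cputype):
    # mach_header_64: magic, cputype, cpusubtype, filetype (2 = MH_EXECUTE), ncmds,
    # sizeofcmds, flags, reserved; little-endian as on x86_64 and arm64 hosts.
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def _fat_file(cputypes):
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    table, body = b"", b""
    data_start = 8 + 20 * len(cputypes)
    for ct in cputypes:
        slice_bytes = _thin_header(ct)
        table += struct.pack(">IIIII", ct, 0, data_start + len(body), len(slice_bytes), 0)
        body += slice_bytes
    return header + table + body


SAMPLE_UNIVERSAL = _fat_file([CPU_TYPE_X86_64, CPU_TYPE_ARM64])   # constructed
SAMPLE_INTEL_ONLY = _thin_header(CPU_TYPE_X86_64)                 # constructed

if __name__ == "__main__":
    for name, blob in (("universal", SAMPLE_UNIVERSAL), ("intel-only", SAMPLE_INTEL_ONLY)):
        print(name, mach_o_archs(blob), "native on Apple silicon:", runs_natively_on_apple_silicon(blob))
```

To run it against a real file, read the main executable inside the `.app` bundle (`Contents/MacOS/<name>`) as bytes and pass it to `mach_o_archs`; on a Mac, `file` and `lipo -archs` report the same information, and `codesign -dv --verbose=4` shows the signing authority and team identifier the thread refers to.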
 
So has anyone benchmarked said adware on M1 vs x86 to see how much faster and energy efficient it is on M1?
 
It's funny to see people pointing out the developer ID as if it's a bad thing... it's the very thing that makes this a non-issue! Apple just had to revoke permissions for it.

Of course, you don't need one of those IDs to write Mac apps. I'm honestly baffled why someone with less than good intentions would attach one to their code.
 
It's funny to see people pointing out the developer ID as if it's a bad thing... it's the very thing that makes this a non-issue! Apple just had to revoke permissions for it.

Of course, you don't need one of those IDs to write Mac apps. I'm honestly baffled why someone with less than good intentions would attach one to their code.
The use of a valid appID is what allows it to bypass a lot of the warnings. Try installing an app on a Mac that doesn’t have one and you will get 2-3 pop ups warning you that the developer and the source are untrusted and that you are advised against installing it.
 
The use of a valid appID is what allows it to bypass a lot of the warnings. Try installing an app on a Mac that doesn’t have one and you will get 2-3 pop ups warning you that the developer and the source are untrusted and that you are advised against installing it.
Oh, that's no doubt the rationale... it just seems short-sighted, like a quick cash grab before the developer gets banned.
 
Oh, that's no doubt the rationale... it just seems short-sighted, like a quick cash grab before the developer gets banned.
Probably. All they need to do is make more money with it than the developer registration cost, and blam, profit. Then create a new developer ID, rinse and repeat, making minor tweaks along the way until they manage to get a variant out that goes weeks or months without detection, or they close the hole and they start from scratch. Depending on where in the world the developer lives, what would be considered pocket change by us could be a pretty comfortable living.
 