Patrick ended up using a free researcher account with VirusTotal to start his hunt.
Using this tool, we can examine a binary to see if it contains compiled arm64 code. One simple way is via macOS’s built-in file tool (or lipo -archs).
At the end of the day, malware is simply software (albeit malicious), so I figured it would make sense that (eventually) we’d see malware built to execute natively on Apple’s new M1 systems.
Before going off hunting for native M1 malware, we have to answer the question, “How can we determine if a program was compiled natively for M1?” Well, in short, it will contain arm64 code! OK, and how do we ascertain this?
In a highly detailed deconstruction, Patrick shared how he went about finding the new Apple Silicon-specific malware and why this matters.
As I was working on rebuilding my tools to achieve native M1 compatibility, I pondered the possibility that malware writers were also spending their time in a similar manner.
The discovery was made by security researcher and founder of Objective-See, Patrick Wardle. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild. The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini.
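
The arm64 check mentioned above (what file or lipo -archs reports) comes down to reading the Mach-O or universal-binary header. The following is an added example, not code from Patrick Wardle or the original article: a Python parser that lists the architectures in a binary so samples can be triaged off a Mac. The function names and sample headers are constructed for illustration.

```python
import struct

# CPU type constants from <mach/machine.h>
CPU_TYPES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF}  # 32-bit and 64-bit thin Mach-O


def macho_archs(data: bytes) -> list[str]:
    """Return the architecture names in a thin or universal Mach-O image."""
    if len(data) < 8:
        return []
    magic_be, count = struct.unpack(">II", data[:8])
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal headers are always big-endian. Java class files share
        # 0xCAFEBABE, but their next 4 bytes hold a version >= 45, so a
        # small architecture count separates the two formats.
        if count >= 45:
            return []
        entry = 32 if magic_be == FAT_MAGIC_64 else 20  # fat_arch(_64) size
        archs = []
        for i in range(count):
            off = 8 + i * entry
            if off + 4 > len(data):
                break  # truncated sample: report what was readable
            cputype = struct.unpack(">I", data[off:off + 4])[0]
            archs.append(CPU_TYPES.get(cputype, hex(cputype)))
        return archs
    # Thin Mach-O: header is in the target's byte order, so try both.
    for endian in ("<", ">"):
        magic, cputype = struct.unpack(endian + "II", data[:8])
        if magic in THIN_MAGICS:
            return [CPU_TYPES.get(cputype, hex(cputype))]
    return []


def has_native_arm64(data: bytes) -> bool:
    """True when the image carries an arm64 slice (arm64e shares the type)."""
    return "arm64" in macho_archs(data)


# Constructed sample headers (not real binaries): a two-slice universal
# header, a thin x86_64 header, and a Java class file header.
FAT_SAMPLE = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x8000, 14)
              + struct.pack(">5I", 0x0100000C, 0, 0x10000, 0x8000, 14))
THIN_X86 = struct.pack("<II", 0xFEEDFACF, 0x01000007) + b"\x00" * 24
JAVA_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 52)
```

Pass the first few kilobytes of a file to has_native_arm64 to flag samples that carry an arm64 slice.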