Over the past week, some M1 Mac users have been reporting alarming SSD health readings, suggesting that these devices are writing extraordinary amounts of data to their drives. From a report: Across Twitter and the MacRumors forums, users are reporting that M1 Macs are experiencing extremely high drive writes over a short space of time. In what appear to be the most severe cases, M1 Macs are said to be consuming as much as 10 to 13 percent of the maximum warrantable total bytes written (TBW) value of its SSD. Flash memory on solid-state drives, such as those used in Macs, can only be written to a certain number of times before they become unstable. Software ensures that load is spread evenly across the drive's memory cells, but there is a point when the drive has been written to so many times that it can no longer reliably hold data. So while SSD wear is normal, expected behavior, drives should not be exhausting their ability to hold data as quickly as some M1 Macs seem to be. One user showed that their M1 Mac had already consumed one percent of its SSD after just two months, while another M1 Mac with a 2TB SSD had already consumed three percent. The total data units written for these machines is running into many terabytes, when they would normally be expected to be considerably lower.

Long-time Slashdot reader b0s0z0ku quotes Ars Technica: A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware's ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that's typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists. Besides those questions, the malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so...

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany.
Red Canary, the security firm that discovered the malware, has named it "Silver Sparrow." Long-time Slashdot reader Nihilist_CE writes: First detected in August of 2020, the Silver Sparrow malware is interesting in several unsettling ways. It uses the macOS Installer Javascript API to launch a bash process to gain a foothold into the user's system, a hitherto-unobserved method for bypassing malware detection. This bash shell is then used to invoke macOS's built-in PlistBuddy tool to create a LaunchAgent which executes a bash script every hour. This is the command and control process, which downloads a JSON file containing (potentially) new instructions.

Besides the novel installation method, Silver Sparrow is also mysterious in its payload: a single, tiny binary that does nothing but open a window reading "Hello, World!" (in v1, which targets Intel Macs) or "You did it!" (in v2, which is an M1-compatible fat binary). These "bystander binaries" are never executed and appear to be proofs-of-concept or placeholders for future functionality.

In a company blog post Thursday, Microsoft released more details about the new, flat-price version of its Office productivity software coming later this year. The company emphasized that while its main focus remains in its subscription offering, Microsoft 365, it will release the one-time purchase Office 2021 for those who aren't ready to move to the cloud. From a report: Office 2021 will arrive in two versions: one for commercial users, called Office LTSC (which stands for Long Term Servicing Channel), and one for personal use. Office LTSC will include enhanced accessibility features, performance improvements across Word, Excel and PowerPoint, and visual improvements, like dark mode support across apps. It's meant for specialty situations, as opposed to for an entire organization, such as process control devices on the manufacturing floor that are not connected to the internet. More details about pricing and new features for the commercial version and the personal version will be announced when Office 2021 is closer to general availability. Both will have both Windows and Mac versions, and will ship with the OneNote app. They will also ship both 32- and 64-bit versions, according to the post. Microsoft will support the software for five years, and said it does not plan to change the price at the time of release.

New numbers show 2020 was the first year that Chromebooks outsold Macs, posting impressive market share gains at the expense of Windows. From a report: Computers powered by Google's Chrome OS have outsold Apple's computers in individual quarters before, but 2020 was the first full year that Chrome OS took second place. Microsoft's Windows still retained majority market share, but also took a big hit as both Chrome OS and macOS gained share. The milestone is based on numbers provided by IDC, which doesn't typically break out sales based on device operating system. But when we went looking to see how the pandemic may have impacted the PC market, IDC analyst Mike Shirer confirmed the findings to GeekWire. This is a big win for Google and a warning for both Apple and Microsoft. It also signals to app and game developers that Chrome OS can no longer be ignored. Frankly, any business that provides a product or service over the internet should be setting aside resources to ensure the Chrome OS experience is comparable to Windows and macOS.

If you're one of the few people still using a PC with an x86 processor more than 15 years old, here's another reason to upgrade: the devices will not work with future Chrome releases, starting with version 89 of the world's most popular browser. TechSpot reports: The Chromium development team announced that CPUs older than the Intel Core 2 Duo and AMD Athlon 64 would not work with Chrome 89 and future versions as they do not meet the new minimum instruction set requirement of SSE3 (Supplemental Streaming SIMD Extensions 3) support. So, if you are still sporting an Intel Atom or Celeron M CPU, you'll soon be counting Chrome as one of the many programs that are incompatible with your potato-like rig. The devices will no longer attempt to install the browser, while running it will result in the software crashing. It's noted that the change only affects Windows as Chrome OS, Android and, Mac already require SSE3 support.

PCWorld reviews Intel's recently-released benchmarks claiming Apple's M1 isn't faster than their 11th gen Core i7-1185G7 processor, among other things. Here are the claims Intel makes (visit the article to read PCWorld's "take" on each claim): MacBook M1 is slower than Core i7: Intel says in the WebXPRT 3 test, using the same version of Chrome for both the Core i7 system as well as the Arm-native MacBook, Intel takes the lead. The Intel chip was largely ahead in WebXPRT 3, and the x86 chip was nearly three times faster in finishing the photo enhancement test. Intel doesn't just use WebXPRT 3, though. It also shows the Core i7 pummeling the M1 in a PowerPoint-to-PDF export, and in multiple Excel macros by a factor of 2.3x. And yes, Intel used the Arm-native versions of Office for its tests.

Core i7 Crushes M1 in AI: For content creation tasks, Intel showed the Core i7 to be about 1.12x faster than the M1 in performing a 4K AVC-to-HEVC/H.265 file conversion. In this benchmark, they had the MacBook using the M1-native version of Handbrake. But the real destruction happens once you get to Topaz Lab's Gigapixel AI and Denoise AI, with the Intel Core chip crushing the M1 in AI-based noise removal and enlargement. Or maybe "crushing" is too nice a term, as it's more like the Core i7 outpaces the M1 by so much, the M1 wishes it had never been designed.

M1 doesn't support all the features: Intel also gives itself the lead in Adobe Premiere Pro, using the beta M1 native version in Auto Reframe, exporting to H.264 and H.265. They're decent wins, but come on, the code is still in beta for the Mac. That said, Intel points out that important features like Content Aware Fill are outright disabled on the beta version, and that's a concern. If the native version of Photoshop comes out, and there are critical features missing from it, that's a huge problem for Apple (and Adobe).

You can't be faster if you can't run it: For gaming, we see a bit of a back and forth between the Apple M1 and Core i7 in games that actually work on the MacBook. Intel doesn't let it end there, though, and decides to embarrass Apple further by showing the numerous games where the MacBook scores a 0 because game support just doesn't exist. Intel points out that "countless more" games "don't run on the M1," and then for good measure, it rushes Apple's bench with a list 10 more games you can't play on the M1 MacBook: Overwatch, Crysis Remastered, Halo MCC, Red Dead Redemption 2, PUBG, Monster, Hunter World, Doom Eternal, Microsoft Flight Simulator 2020, Apex Legends, and Rainbow Six Siege.

MacBook wouldn't win Evo certification: You know that fancy Intel Evo program that tries to improve laptop performance in key areas that annoy consumers? Well, Intel pretty much says that if Apple submitted the M1 MacBook to the same program that Asus, Dell, HP, Lenovo, MSI, Acer and others go through, it would be rejected. The reason? Intel says the M1 MacBook is too slow in doing things that anger consumers, such as "switch to Calendar" in Outlook, "start video conference Zoom" and "select picture menu" in PowerPoint.

Great battery life?: Perhaps the most shocking claim Intel showed deals with battery life. While performance tests can be cherry picked by those looking to prove an outcome, battery life usually can't be disputed. Apple's official claim gives the M1 MacBook up to 18 hours of battery life using Apple TV app to watch a 1080p video with the brightness set to "8 clicks from the bottom." Apple also claims up to 15 hours browsing 25 "popular" websites with the same "8 clicks" criteria. When Intel pitted a MacBook Air M1 against an Acer Swift 5 with a Core i7-1165G7, however, it found both basically dead even. The MacBook Air came in at 10 hours and 12 minutes, and the Acer Swift 5 lasted 10 hours and 6 minutes. The difference? Intel said it used Safari to watch a Netflix stream with tabs open with the screen set to a relatively bright 250 nits. On the Acer, Safari was subbed out for Chrome, but the brightness and Netflix remained the same. Intel did add that Apple's "8 clicks up" is about 125 nits of brightness on the MacBook Air which is pretty dim.

All kinds of things just don't work on the M1: Intel didn't just get into the performance of the M1. It also said it found the MacBook Pro had serious shortcomings, such as an inability to use more than one display with a Thunderbolt dock. And while the PC can use gaming headsets, eGPUs, a third-party finger print reader, Wacom Drawing tablet and Xbox Controller, Intel said it found the MacBook Pro simply doesn't work with eGPUs, and had multiple issues with other devices. That's just hardware incompatibility. Intel's rap battle with Apple also highlights issues with plug-ins for Ableton, Bitwig Studio, Avid Pro Tools, FL Studio, Motu and many others.

It's been estimated that there are 24 million developers in the world. 14 million of them now use Microsoft's Visual Studio Code (VS Code) as their IDE, reports ZDNet, with five million new users arriving in 2020.

Julia Liuson, corporate vice president of Microsoft's developer division, tells them why: "The strategy for VS Code is really to support our any, any, any strategy. You can be a developer working with any programming language, working on any operating system and develop any kind of software." VS Code runs on macOS, Windows 10, and multiple distributions of Linux, it supports Arm64 on Linux, and runs on Raspberry Pi and Chromebooks. It's also available in preview form
Part of VS Code's popularity is the breadth of language extensions for C++, C#, Python and various Python libraries for data scientists, Java, and JavaScript/Typescript... "We have almost two million Python developers using VS Code and well over a million C++ developers using VS Code," said Liuson. "And even our Java usage is approaching one million...."

Liuson also talked about Microsoft's inner source approach to software development. The company doubled down on inner source in 2019, and recently highlighted its inner-source approach as a factor that mitigated the threat of the SolarWinds hackers accessing its source code. Microsoft didn't make up the term inner source and the approach means taking open-source development practices and applying them inside a single organization. GitHub and GitHub's Enterprise Server fits snuggly with this approach to help organizations collaborate but do so in private.

"Inner source means if you have private IP, but you're inviting other teams within the company to collaborate with you. That's the fundamental difference between open source and inner source. Today, it's very common in large enterprise..."

An anonymous reader quotes a report from Ars Technica: Homebrew now supports Apple Silicon natively, albeit not with every package. The volunteer Homebrew team made the announcement on the Homebrew blog alongside today's release. While the native support is not yet comprehensive, it bridges the gap significantly, and users can still run Terminal via Rosetta 2 to do what they can't yet while running natively on Apple Silicon. The Homebrew blog post says "we welcome your help" in providing bottles for all packages moving forward.

Here's the full bullet point on Apple Silicon in the Homebrew 3.0.0 release notes: "Apple Silicon is now officially supported for installations in /opt/homebrew. formulae.brew.sh formula pages indicate for which platforms bottles (binary packages) are provided and therefore whether they are supported by Homebrew. Homebrew doesn't (yet) provide bottles for all packages on Apple Silicon that we do on Intel x86_64 but we welcome your help in doing so. Rosetta 2 on Apple Silicon still provides support for Intel x86_64 in /usr/local."

DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk traffic and amplify distributed denial of service (DDoS) attacks, security firm Netscout said in an alert this week. From a report: The company's alert warns owners of devices that ship with Plex Media Server, a web application for Windows, Mac, and Linux that's usually used for video or audio streaming and multimedia asset management. The app can be installed on regular web servers or usually ships with network-attached storage (NAS) systems, digital media players, or other types of multimedia-streaming IoT devices. Netscout says that when a server/device running a Plex Media Server app is booted and connected to a network, it will start a local scan for other compatible devices via the Simple Service Discovery Protocol (SSDP). The problem comes when a Plex Media Server discovers a local router that has SSDP support enabled. When this happens, the Plex Media Server will add a NAT forwarding rule to the router, exposing its Plex Media SSDP (PMSSDP) service directly on the internet on UDP port 32414. Since the SSDP protocol has been known for years to be a perfect vector to amplify the size of a DDoS attack, this makes Plex Media servers a juicy and untapped source of DDoS bots for DDoS-for-hire operations.

Apple's latest iPhones stuck with Face ID as the singular method of biometric authentication in an era when people are wearing face masks everywhere they go. This inevitably means having to enter your passcode constantly throughout the day. But Apple has come up with a stopgap solution that should make it easier to get into your phone during mask life -- as long as you've got an Apple Watch. From a report: As first reported by Pocket-lint, the new iOS 14.5 update, which went into beta today, uses the Apple Watch on your wrist to quickly authenticate and unlock your iPhone. Apple already offers this convenient trick on the Mac, but now it's coming to the iPhone as well. It works similarly here. You lift your iPhone to turn on the screen, and you'll feel a little nudge of haptic feedback on your Apple Watch to indicate that your iPhone has been unlocked. The devices must be in close proximity for this to work in the first place, which is a measure to keep your data secure. (If the Apple Watch is locked, this won't work either.) And this Apple Watch shortcut is only good for unlocking your iPhone; App Store and iTunes purchases will still require other authentication if your face is covered. And as a final security check, you'll still be asked to put in your passcode every few hours even when unlock with Apple Watch is enabled.

Apple yesterday released a new version of iCloud for Windows 10, and based on multiple reports and the update's release notes, it appears Apple is introducing an iCloud Passwords extension designed for Chrome, which will allow "iCloud" Keychain passwords to be used on Windows machines. MacRumors reports: As noted by The 8-Bit and a few other sources, the update adds support for an "iCloud" Passwords Chrome extension." After installing version 12 of "iCloud" for Windows, there's a new "Passwords" section in the app with an "iCloud" Keychain logo. When attempting to use the feature, though, the "iCloud" app prompts users to download a Chrome extension, but the extension is broken and clicking to install leads to a broken web page.

This is likely a bug that will be addressed in the near future, and it sounds like when it is functional, Windows users will be able to access their "iCloud" Keychain passwords on their Windows machines through the Chrome browser. It's not clear if Apple will offer this extension for Mac machines in the future as well, and it appears to be limited to Windows at this time.

Microsoft has a habit of reigniting the Mac vs. PC conflict for its Surface ads, and this time it's going after Apple's Touch Bar. In a new TV commercial, aired during Sunday night's NFL championship games, Microsoft pits Apple's MacBook Pro against the company's Surface Pro 7. It's a chance for Microsoft to mock Apple's Touch Bar in a TV commercial for the first time. From a report: "Mac gave me this little bar, but why can't they just give me a whole touchscreen?" asks a boy comparing the two laptops. That's something that some MacBook Pro users have been calling for, or just the removal of the Touch Bar altogether. Apple is now reportedly planning a redesign for the MacBook Pro later this year, with the Touch Bar rumored to be replaced by physical function keys. Elsewhere in the ad, Microsoft tries to position the Surface Pro 7 as a gaming device. "It is a much better gaming device," claims the ad, which is an unusual way to frame Microsoft's popular Surface device.

Google released Chrome 88 this week — and besides improving its dark mode support, they removed support for both Adobe Flash and FTP.

PC World calls it "the end of two eras." The most noteworthy change in this update is what's not included. Chrome 88 lays Adobe Flash and the FTP protocol to rest. RIP circa-2000 Internet.

Neither comes as a surprise, though it's poetic that they're being buried together. Adobe halted Flash Player downloads at the end of 2020, making good on a promise made years before, and began blocking Flash content altogether a couple weeks later. Removing Flash from Chrome 88 is just Google's way of flushing the toilet.

On the other hand, FTP isn't dead, but it is now for Chrome users. The File Transport Protocol has helped users send files across the Internet for decades, but in an era of prolific cloud storage services and other sharing methods, its use has waned. Google started slowly disabling FTP support in Chrome 86, per ZDNet, and now you'll no longer be able to access FTP links in the browser. Look for standalone FTP software instead if you need it, such as FileZilla.

That's not all. Mac users should be aware that Chrome 88 drops support for OS X 10.10 (OS X Yosemite). Yosemite released in 2014 and received its last update in 2017...

But Google killing Flash and FTP might be the footnotes that hit old-school web users in the feels.
Chrome 88 will also block non-encrypted downloads originating from an encrypted page, the article reports. And the Verge notes Chrome also offers less intrusive website permission requests (as an experimental feature enabled from chrome://flags/#permission-chip ), while Bleeping Computer describes Chrome 88's new experimental feature for searching through all your open tabs.

And Chrome's blog points out some additional features under the hood: Chrome 88 will heavily throttle chained JavaScript timers for hidden pages in particular conditions. This will reduce CPU usage, which will also reduce battery usage. There are some edge cases where this will change behavior, but timers are often used where a different API would be more efficient, and more reliable.

According to Bloomberg, Apple is working on a thinner and lighter version of the MacBook Air, the company's mass-market laptop. From the report: The new computer is planned to be released during the second half of this year at the earliest or in 2022. It will include Apple's MagSafe charging technology and a next-generation version of the company's in-house Mac processors. Apple has discussed making the laptop smaller by shrinking the border around the screen, which will remain 13-inches. The current model weighs 2.8 pounds and is just over half an inch at its thickest point.

The company considered building a larger version of the MacBook Air with a 15-inch screen, but Apple isn't moving forward with this for the next generation, said the people, who asked not to be identified discussing private matters. An Apple spokeswoman declined to comment. The new model will have a pair of USB 4 ports for connecting external devices. The new laptop is destined to be a higher-end version of the current MacBook Air, which is expected to remain in the company's lineup as an entry-level offering. Apple last updated the product in November with its own M1 Mac chip, replacing a processor from Intel Corp. Last Friday, Bloomberg reported on Apple's upgraded MacBook Pro laptops that are expected to be released later this year. They too will feature MagSafe charging, but unlike the MacBook Air, Apple's planning to bring back an SD card slot so users can insert memory cards from digital cameras. The Touch Bar is also going.

Beeper is a forthcoming app from the founder of Pebble that claims to be a hub for all your messaging services, including support for iMessage on Android. Gizmodo reports: Instead of managing half a dozen apps for keeping in touch with friends, family, and co-workers, Beeper allows you to funnel everything to one interface. According to its website, the app supports 14 external messaging platforms as well as its own Beeper network. But the company's claim that it brings iMessage to Android, Windows, or Linux devices could be a killer feature for anyone who's suffered through the embarrassment of the green bubble.

Apple likes to keep its in-house products exclusive to its own hardware, so this claim is a bit surprising, but Beeper says it's figured out a workaround. On its website, it explains: "Beeper has two ways of enabling Android, Windows and Linux users to use iMessage: we send each user a Jailbroken iPhone with the Beeper app installed which bridges to iMessage, or if they have a Mac that is always connected to the internet, they can install the Beeper Mac app which acts as a bridge. This is not a joke, it really works!"

Okay, the part about using an always-connected Mac as a bridge is not unprecedented, but the idea of sending users jailbroken upcycled iPhones is a little bonkers. Eric Migicovsky, founder of the Pebble smartwatch company and partner at Beeper, took to Twitter to insist that the jailbreak plan is legit and that he currently has 50 iPhone 4s ready for the task. In an update, Migicovsky tells Gizmodo that "Beeper encrypts all messages on the client before they reach our servers. We cannot decrypt any message contents."

The services compatible with Beeper include: Whatsapp, Facebook Messenger, iMessage, Android Messages (SMS), Telegram, Twitter, Slack, Hangouts, Instagram, Skype, IRC, Matrix, Discord, Signal, and Beeper network.

niftydude writes: Developers at ARM virtualisation company Corellium have managed to get Ubuntu 20.04 up and running on the new Apple Silicon Mac Mini. And we're not talking 'it boots and prints a load of text' running here. No, this is the full Ubuntu desktop experience -- and it's already being described as "completely usable!"

Pretty impressive, right? Even Linus Torvalds wasn't convinced that Linux M1 support was likely to appear anytime soon. He told ZDnet's Steven J. Vaughan-Nichols that: "...the main problem with the M1 for me is the GPU and other devices around it, because that's likely what would hold me off using it because it wouldn't have any Linux support unless Apple opens up." Not that he was entirely wrong, mind. GPU support is indeed a current sticking point in Correllium's Linux for M1 effort. It doesn't (yet) include M1 GPU support meaning 'graphics' handling is done via software rendering.

Apple's first crack at a headset is designed to be a pricey, niche precursor to a more ambitious augmented reality product that will take longer to develop, Bloomberg reported Thursday, citing people with knowledge of the matter. From the report: The initial device has confronted several development hurdles and the company has conservative sales expectations, illustrating how challenging it will be to bring this nascent consumer technology to the masses. As a mostly virtual reality device, it will display an all-encompassing 3-D digital environment for gaming, watching video and communicating. AR functionality, the ability to overlay images and information over a view of the real world, will be more limited. Apple has planned to launch the product as soon as 2022, going up against Facebook's Oculus, Sony's PlayStation VR and headsets from HTC, the people said. They asked not to be identified discussing private plans.

Apple's typical playbook involves taking emerging consumer technology, such as music players, smartphones, tablets and smartwatches, and making it reliable and easy to use for everyone. This time, though, Apple isn't looking to create an iPhone-like hit for its first headset. Instead, the company is building a high-end, niche product that will prepare outside developers and consumers for its eventual, more mainstream AR glasses. The plans suggest that Apple's first headset will be far more expensive than those from rivals, which cost about $300 to $900. Some Apple insiders believe the company may sell only one headset per day per retail store. Apple has roughly 500 stores, so in that scenario, annual sales would be just over 180,000 units -- excluding other sales channels. That would put it on par with other pricey Apple products, such as the $5,999 Mac Pro desktop computer.

Apple has plugged a hole that allowed users to sideload iOS and iPad applications to M1 Macs that were never intended to run on desktop. The server-side change ensures that only applications that app developers have flagged as optimized for Mac will run. From a report: Late last year, Apple launched its first Macs running on its own ARM-based custom CPU called the M1, as opposed to the Intel chips that have been used in Macs for several years. These new machines included the entry-level 13-inch MacBook Pro, the MacBook Air, and the low-end Mac mini. Since those machines now share an architecture with iPhones and iPads, which also have closely related ARM-based chips, it became possible to run iOS and iPadOS apps natively on Macs that were equipped with the M1 chip. Apple supported this by listing iPhone and iPad apps that passed an automated test on the Mac App Store, provided developers did not opt out of having the app listed. However, many developers did opt out for any number of reasons: because they did not feel the app provided a good user experience on laptops or desktops; because they offer preferred alternative ways to access services or content on Macs; because they don't have the time to support an additional platform; or any number of other reasons.

At WWDC last year, Apple announced it was going to support Chrome-style browser extensions (the WebExtensions API) in Safari. Months after Safari 14's release, are developers bothering with Safari? Jason Snell: The answer seems to be largely no -- at least, not yet. The Mac App Store's Safari extensions library seems to be largely populated with the same stuff that was there before Safari 14 was released, though there are some exceptions. [...] So in the end, what was the net effect of Apple's announcement of support for the WebExtensions API in Safari? It's a work in progress. A very small number of extensions have appeared in the App Store, and it seems quite likely that others will follow at their own pace. Other developers remain utterly unmoved by all the extra work moving to Safari would entail. It strikes me that Apple could rapidly drive adoption of Safari extensions if it would finally bring that technology to iOS. Targeting the Mac is nice, but if they could target iPads and iPhones, we might really have something.

An anonymous reader quotes a report from ZDNet: For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) games and software such as League of Legends and Microsoft Office for Mac, security firm SentinelOne said in a report published this week. But the cryptominer did not go entirely unnoticed. SentinelOne said that two Chinese security firms spotted and analyzed older versions of the OSAMiner in August and September 2018, respectively. But their reports only scratched the surface of what OSAMiner was capable of, SentinelOne macOS malware researcher Phil Stokes said yesterday.

The primary reason was that security researchers weren't able to retrieve the malware's entire code at the time, which used nested run-only AppleScript files to retrieve its malicious code across different stages. As users installed the pirated software, the boobytrapped installers would download and run a run-only AppleScript, which would download and run a second run-only AppleScript, and then another final third run-only AppleScript. Since "run-only" AppleScript come in a compiled state where the source code isn't human-readable, this made analysis harder for security researchers.