have only been around for a few months, but it didn’t take long for hackers to start attacking systems. Security researcher Patrick Wardle says he found a malicious application created specifically for.
He said the Safari adware extension, called GoSearch22, was originally designed for Intel x86 processors. It appears to be a variant of the well-known Mac Pirrit adware. Wardle said that the malware looks “pretty simple” – it collects user data and fills the screen with illicit ads – but noted that its developers could update GoSearch22 with more harmful functions.
While new Macs can still run applications designed for Intel x86 chips through emulation, many developers are creating native M1 versions of their software. The existence of GoSearch22, wrote Wardle, “confirms that malware / adware authors are indeed working to ensure that their malicious creations are natively compatible with Apple’s latest hardware”.
Wardle discovered the malware on the VirusTotal antivirus test platform, where someone downloaded it in December. The researcher found that while the platform’s antivirus scanners flagged the x86 version of the adware as malicious, 15% of them did not suspect that the M1 version of GoSearch22 was malware. This suggests that not all antivirus software is fully ready to eradicate malware designed for M1-based systems. Another researcher, Thomas Reed, said Wired that compiling software for “M1 can be as easy as pressing a button in the project settings”, so it appears that hackers may not have to do much to adapt their malware to Apple’s latest processor.
GoSearch22 was signed with an Apple developer ID in November, according to Wardle. However, Apple has revoked the adware certificate, which will make it difficult for users to install it.