M1 malware has arrived

Image: Apple

Now that Apple has officially started the transition to Apple Silicon, so has malware.

Security researcher Patrick Wardle published a blog post detailing a malicious program called GoSearch22, a Safari browser extension that had been rebuilt for Apple’s M1 processor. (The extension is a variant of the Pirrit adware family, which is notorious on Macs.) Meanwhile, a new report from Wired also cites other security researchers who have found instances of native M1 malware distinct from Wardle’s finding.

The GoSearch22 malware was signed with an Apple developer ID on November 23, 2020 – not long after the first M1 laptops were revealed. A developer ID signature means the download would not be flagged by Gatekeeper on macOS, which warns users when an application they are about to open may not be safe. Developers can take the extra step of submitting apps to Apple for notarization as an additional check. However, Wardle notes in his post that it is unclear whether Apple notarized the code, because the GoSearch22 certificate has already been revoked. Unfortunately, he also writes that once this malware was found in the wild, regardless of whether Apple notarized it, “macOS users have been infected”.

The program itself appears to behave like standard adware. That is, if you are infected, you will be subjected to coupons, banners, pop-up ads, surveys and other kinds of ads promoting obscure websites and downloads. This kind of malware also tends to collect your browsing data, such as IP addresses, websites you’ve visited and search queries.

That was to be expected, and no, if you have an M1-powered computer, you shouldn’t panic yet. To back up a bit: the M1’s chip architecture is based on ARM, whereas Apple previously relied on Intel’s x86 architecture. In making the move, Apple promised very fast performance and integrated security. And while we found that M1 chips delivered impressive results in our benchmark tests, it’s also clear that the chip is held back by limited software compatibility. Most applications available now are not designed to run natively on the M1 and require Apple’s Rosetta 2, which automatically translates software written for Intel chips into something the M1 can run. To get the performance Apple promised, you want software optimized for the M1 chip. That’s why developers are working on native M1 versions of their software. And of course, malware developers also want their malware to run at full capacity on M1 devices.
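What separates native M1 malware from an Intel build running under Rosetta 2 is whether the Mach-O file carries an arm64 slice. The following checker is an added example, not code from the article or from Wardle’s write-up: it parses the universal (fat) header and the 64-bit thin header, using Apple’s public CPU type constants, and runs against constructed sample headers rather than real files.

```python
import struct

FAT_MAGIC = 0xCAFEBABE        # universal ("fat") binary header, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit thin Mach-O; little-endian on x86_64 and arm64
CPU_TYPE_X86_64 = 0x01000007  # CPU_TYPE_X86 | CPU_ARCH_ABI64
CPU_TYPE_ARM64 = 0x0100000C   # CPU_TYPE_ARM | CPU_ARCH_ABI64
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}

def macho_archs(data: bytes) -> list:
    """Return the architecture slices found in a Mach-O or universal binary."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O header")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java class files share the 0xCAFEBABE magic; a real fat header has a
        # small slice count, so treat an implausible count as "not Mach-O".
        if nfat == 0 or nfat > 20:
            raise ValueError("fat magic with implausible slice count")
        archs = []
        for i in range(nfat):
            off = 8 + i * 20  # struct fat_arch is five big-endian uint32s
            cputype, _subtype, _offset, _size, _align = struct.unpack(
                ">IIIII", data[off:off + 20])
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    if struct.unpack("<I", data[:4])[0] == MH_MAGIC_64:
        cputype = struct.unpack("<I", data[4:8])[0]  # mach_header_64.cputype
        return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O file")

def runs_natively_on_m1(data: bytes) -> bool:
    """True when the file has an arm64 slice, i.e. needs no Rosetta 2 translation."""
    return "arm64" in macho_archs(data)

# Constructed sample headers (no real code follows them); enough for the parser.
def build_fat_header(cputypes) -> bytes:
    out = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for ct in cputypes:
        out += struct.pack(">IIIII", ct, 0, 0, 0, 0)
    return out

def build_thin_header(cputype) -> bytes:
    return struct.pack("<8I", MH_MAGIC_64, cputype, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    universal = build_fat_header([CPU_TYPE_X86_64, CPU_TYPE_ARM64])
    intel_only = build_thin_header(CPU_TYPE_X86_64)
    print(macho_archs(universal), runs_natively_on_m1(universal))    # ['x86_64', 'arm64'] True
    print(macho_archs(intel_only), runs_natively_on_m1(intel_only))  # ['x86_64'] False
```

On a real system, `open(path, "rb").read(512)` supplies the same header bytes; an arm64 slice in a sample that antivirus signatures were written for the x86_64 build is exactly the detection gap the article describes.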

The good news is that researchers and security vendors are also working on methods of detecting M1 malware. According to Wired, however, you should expect some delay in detection rates for new types of malware. Given this inevitable delay, it is worrying that malware authors have managed to make such a quick transition from Intel to Apple Silicon. So far, the native M1 malware found is not a significant threat. But! The M1 has only been around for a few months, and more malicious variants are likely on the way. Eventually, security vendors will update their detection tools to keep consumers safe. In the meantime, if you have an M1-powered laptop, it’s a good idea to step up your security hygiene and think twice about what you click.
