Many people can argue that the Mac is comparatively more secure than Windows. While this is largely true, in recent years there has been a steady increase that has become a cause for concern. New malware has been detected, and is considered the first malicious software targeting Apple’s new M1 processor.
With its debut last year on the new MacBook Pro, MacBook Air and Mac Mini, the new ARM-based M1 chipset has been praised for offering excellent performance compared to similar Intel chipsets. The transition to ARM has allowed Apple to move away from Intel’s x86 architecture since 2005 and integrate certain security features directly into its processors. This architectural change forced developers to make new versions of their software to run natively on the M1 chipset, rather than translating them through Apple’s Rosetta 2 emulator. Unsurprisingly, malware writers have also adapted to this transition, according to a report by Wired.
Mac Security Researcher Patrick Wardle report explains how malware can be easily adapted and recompiled to run natively on the M1 chip. The first M1 malware is apparently an adware extension for Safari called “GoSearch22,” originally designed to run on Intel x86 chips. It is said to be part of the Mac adware family “Pirrit”, one of the oldest and most active Mac adware families that changes constantly to avoid detection.
The adware disguises itself as a legitimate extension of the Safari browser. At the same time, it collects user data and induces a large number of ads, including banners and pop-ups that target malicious websites flooded with more malware. It is worth mentioning that GoSearch22 was signed with an Apple Developer ID in November 2020, but its certificate has since been revoked. In addition, Wardle suggests that the malware for M1 is at an early stage, and the signatures used to detect malware threats on the M1 chip have not yet been observed for the most part. Therefore, it is useless to use antivirus scanners and defensive tools, as most of them struggle to process the corrected files correctly. GoSearch22 is not the only M1 malware, as researchers at the security firm Red Canary suggest that more malicious software is being investigated.