It’s not the cheeriest news, but it was bound to happen eventually.
A piece of malware specifically designed to run on Apple’s new M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple’s new generation of Macs with Apple silicon.
Per Mac security researcher Patrick Wardle, a malicious Safari adware extension, dubbed “GoSearch22”, which was originally written to run on Intel x86 chips has been adapted to the new Apple Silicon hardware. The extension is a well-known member of the “Pirrit” Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the M1.
The GoSearch22 adware presents itself as a legitimate Safari browser extension, but soon begins to collect user data and begin serving a large number of banner and popup ads, including some that link to websites that proliferate additional malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.
Wardle noted that since malware for the M1 processor is still at an early stage, antivirus scanners and defensive tools are struggling to process the amended files. At present, the signatures used to detect threats from malware on the M1 chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available. The M1 processor is currently found in Apple’s Mac mini, MacBook, and MacBook Pro computers, and is likely to be found in upcoming hardware as Apple switches from Intel to its Apple Silicon processors in the future.
Researchers from security firm Red Canady stated that other types of native M1 malware have also been discovered and are being investigated.
While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.
As always, keep your antiviral programs updated, please be careful in what you download and install, and stay tuned for additional details as they become available.
Via MacRumors, Wired, and Objective-See