The M1 malware has arrived


Now that Apple has officially begun the transition to Apple Silicon, so has malware.

Security researcher Patrick Wardle published a blog post in which he said he had found a malicious program called GoSearch22, a Safari browser extension adapted for Apple’s M1 processor. (The extension is a variant of the Pirrit adware family, which is infamous on Macs.) Meanwhile, a new report from Wired also cites other security researchers who found other, different instances of native M1 malware based on Wardle’s findings.

The GoSearch22 malware was signed with an Apple developer ID on November 23, 2020, not long after the first M1 laptops were revealed. Having a developer ID means that a user downloading the malware would not trigger Gatekeeper on macOS, which warns users when an application they are about to download may not be safe. Developers can take the extra step of submitting apps to Apple to be notarized for additional confirmation. However, Wardle notes in his article that it is unclear whether Apple ever notarized the code, as the certificate for GoSearch22 has since been revoked. Unfortunately, he also writes that since this malware was detected in the wild, regardless of whether Apple notarized it, “macOS users were infected.”

The program itself appears to behave in the same way as your standard adware. For example, if you are infected with it, you will encounter coupons, banners, pop-up ads, surveys and other types of ads promoting shady websites and downloads. These types of malware also tend to collect your browsing data such as IP addresses, sites you have visited, search queries, etc.

This is to be expected, and no, if you have an M1-powered computer, don’t panic just yet. To back up a bit, the issue with the M1 processor is that the chip’s architecture is based on ARM, whereas Apple previously relied on the Intel x86 architecture. By making the move, Apple promised super-fast performance and integrated security. And while we found that the M1 chips delivered impressive results in our benchmark tests, it’s also clear that the chip is held back by limited software compatibility. Most of the apps out there today aren’t developed to run natively on the M1 and require Apple’s Rosetta 2, which automatically converts software written for Intel chips into something the M1 can understand. To get the best performance that Apple has promised, you would want the software to be optimized for the M1 chip. That’s why developers are working on creating native M1 versions of their software. Of course, malware developers also want their malware to work optimally on M1 devices.
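The native-versus-Rosetta distinction above is visible in a binary's Mach-O header, which is what a defender checks first when triaging a sample. The following is an added example, not code from the article or from Wardle's research; the function names, the `MAX_SLICES` bound and the sample headers are constructed for illustration.

```python
import struct

# CPU types from <mach/machine.h>; 0x01000000 is the 64-bit ABI flag.
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
# Thin Mach-O magics as they appear on disk, mapped to header byte order.
THIN_MAGICS = {b"\xce\xfa\xed\xfe": "<", b"\xcf\xfa\xed\xfe": "<",
               b"\xfe\xed\xfa\xce": ">", b"\xfe\xed\xfa\xcf": ">"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MAX_SLICES = 20  # assumed sanity bound: Java .class files share CAFEBABE

def macho_archs(data: bytes) -> list:
    """Return the CPU architectures of a thin or universal Mach-O image."""
    if len(data) < 8:
        return []
    if data[:4] in THIN_MAGICS:
        (cputype,) = struct.unpack_from(THIN_MAGICS[data[:4]] + "I", data, 4)
        return [CPU_NAMES.get(cputype, hex(cputype))]
    magic, count = struct.unpack_from(">II", data, 0)  # fat headers are big-endian
    if magic not in (FAT_MAGIC, FAT_MAGIC_64) or not 0 < count <= MAX_SLICES:
        return []
    entry = 20 if magic == FAT_MAGIC else 32  # sizeof fat_arch / fat_arch_64
    if len(data) < 8 + count * entry:
        return []  # truncated slice table
    cpus = [struct.unpack_from(">I", data, 8 + i * entry)[0] for i in range(count)]
    return [CPU_NAMES.get(cpu, hex(cpu)) for cpu in cpus]

def triage(data: bytes) -> str:
    """Classify how an M1 Mac would run this binary."""
    archs = macho_archs(data)
    if "arm64" in archs:
        return "native"       # runs directly on Apple Silicon
    if "x86_64" in archs:
        return "rosetta"      # Intel-only, translated by Rosetta 2
    return "unsupported" if archs else "not-macho"

def sample_thin(cputype: int) -> bytes:
    """Constructed 64-bit little-endian mach_header (header only, no code)."""
    return struct.pack("<8I", 0xFEEDFACF, cputype, 0, 2, 0, 0, 0, 0)

def sample_fat(cputypes: list) -> bytes:
    """Constructed universal header with one fat_arch entry per CPU type."""
    out = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, cpu in enumerate(cputypes):
        out += struct.pack(">5I", cpu, 0, 0x4000 * (i + 1), 32, 14)
    return out

if __name__ == "__main__":
    print(triage(sample_fat([0x01000007, 0x0100000C])))  # universal binary
    print(triage(sample_thin(0x01000007)))               # Intel-only binary
```

On a Mac, `file` and `lipo -archs` report the same architecture list; parsing the header directly lets the check run on any analysis host.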

The good news is that security researchers and vendors are also developing methods to detect M1 malware. According to Wired, however, you can expect a little delay in detection rates when trying to find new types of malware. Given that inevitable slowdown, it is worrying that malware writers have been able to move quickly from Intel to Apple Silicon. So far, the native instances of M1 malware found are not significant threats. But the M1 has only been around for a few months, and it is likely that more types of malicious variants are on the way. Eventually, security vendors will certainly catch up and update their detection tools to keep consumers safe. But in the meantime, if you have an M1-powered laptop, it’s a good idea to double down on your security hygiene and think twice about what you’re clicking on.
