M1 malware has arrived

Now that Apple has officially begun the transition to Apple Silicon, so has malware.

Security researcher Patrick Wardle has published a blog post detailing that he found a malicious program called GoSearch22, a Safari browser extension that was rebuilt for Apple’s M1 processor. (The extension is a variant of the Pirrit family of adware, which is notorious on the Mac.) Meanwhile, a new report from Wired also cites other security researchers as having found other instances of native M1 malware, distinct from Wardle’s findings.

The GoSearch22 malware was signed with an Apple developer ID on November 23rd 2020, not long after the first M1 laptops were first revealed. Having a developer ID means that a user who downloads the malware would not trigger Gatekeeper on macOS, which notifies users when an application they are about to download may not be secure. Developers can take the extra step of sending apps to Apple to be notarized for further confirmation. However, Wardle notes in his write-up that it is unclear whether Apple ever notarized the code, as the certificate for GoSearch22 has since been revoked. Unfortunately, he also writes that since this malware was detected in the wild, regardless of whether Apple notarized it, “MacOS users have been infected.”

The program itself seems to behave similarly to your standard adware. That is, if you are infected with it, you are subjected to things like coupons, banners, pop-up ads, polls, and other types of ads that promote shady websites and downloads. These types of malware also tend to collect your browsing data, such as IP addresses, sites you’ve visited, search queries, and more.

This is to be expected and no, if you have a computer powered by the M1, you should not panic yet. To back up a little, the thing with the M1 processor is that the chip architecture is based on ARM, while Apple previously relied on Intel’s x86 architecture. By making the switch, Apple promised very fast performance and integrated security. And while we’ve found that M1 chips have performed impressively in our benchmarks, it’s also clear that the chip is hampered by limited software compatibility. Most applications right now have not been developed to run natively on the M1 and require Apple’s Rosetta 2, which automatically converts software written for Intel chips into something that the M1 can understand. To get the best performance promised by Apple, you want the software to be optimized for the M1 chip. That’s why developers are working on creating native M1 versions of their software. Of course, malware developers also want their malware to run at full capacity on M1 devices.
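Whether a given binary is native M1 code or Intel-only code that needs Rosetta 2 is recorded in its Mach-O header. The sketch below is an added example, not code from the original article or from Wardle's write-up; it reads that header and reports the architectures a file contains. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Constants from Apple's <mach/machine.h>, <mach-o/loader.h> and <mach-o/fat.h>.
ABI64 = 0x01000000
CPU_NAMES = {7: "i386", 7 | ABI64: "x86_64", 12: "arm", 12 | ABI64: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF}  # 32-bit and 64-bit thin Mach-O


def macho_architectures(data):
    """List the CPU architectures in a thin or universal (fat) Mach-O image."""
    if len(data) < 8:
        return []
    magic, count = struct.unpack_from(">II", data, 0)  # fat headers are big-endian
    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        # Java class files share 0xCAFEBABE; their version field here is >= 45.
        entry = 20 if magic == FAT_MAGIC else 32
        if not 0 < count < 30 or len(data) < 8 + count * entry:
            return []
        types = [struct.unpack_from(">I", data, 8 + i * entry)[0] for i in range(count)]
        return [CPU_NAMES.get(t, hex(t)) for t in types]
    for endian in "<>":  # thin headers use the target CPU's byte order
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in THIN_MAGICS:
            return [CPU_NAMES.get(cputype, hex(cputype))]
    return []


def triage(data):
    """Classify a binary the way an analyst sorting samples would."""
    archs = macho_architectures(data)
    if not archs:
        return "not Mach-O"
    if "arm64" in archs:
        return "native Apple Silicon code"
    if "x86_64" in archs:
        return "Intel only, needs Rosetta 2 on M1"
    return "other architectures only"


# Constructed sample headers (not taken from any real binary).
SAMPLE_UNIVERSAL = struct.pack(">II", FAT_MAGIC, 2) + b"".join(
    struct.pack(">5I", cpu, 0, 0, 0, 0) for cpu in (7 | ABI64, 12 | ABI64))
SAMPLE_INTEL_THIN = struct.pack("<8I", 0xFEEDFACF, 7 | ABI64, 3, 2, 0, 0, 0, 0)
SAMPLE_JAVA_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 52)

if __name__ == "__main__":
    for name in ("SAMPLE_UNIVERSAL", "SAMPLE_INTEL_THIN", "SAMPLE_JAVA_CLASS"):
        print(name, "->", triage(globals()[name]))
```

On a real file, pass the first few hundred bytes read in binary mode; a universal binary that lists both `x86_64` and `arm64` is one that was built to run natively on both Intel and M1 Macs.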

The good news is that security researchers and vendors are also working on developing methods to detect M1 malware. According to Wired, however, you should expect a bit of a delay in detection rates when trying to find new types of malware. Given this inevitable gap, it is worrying that malware authors have managed to move quickly from Intel to Apple Silicon. To date, the native cases of M1 malware that have been found are not significant threats. But! The M1 has only been around for a few months and there are likely to be several types of malicious variants. Surely, in the end, security vendors will catch up and update detection tools to keep consumers safe. In the meantime, if you have an M1-powered laptop, it’s a good idea to double down on your security hygiene and think twice about what you’re clicking on.
