First malware running natively on the M1 chip discovered

Malware specifically designed to run on the Apple M1 chip has been discovered, indicating that malware authors have begun to adapt malicious software for the new generation of Apple silicon Macs.



Mac security researcher Patrick Wardle has now published a report, quoted by Wired, which explains in detail how malware has begun to be adapted and recompiled to run natively on the M1 chip.

Wardle discovered the first known native M1 malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called “GoSearch22”, is a known member of the “Pirrit” Mac adware family and was first seen in late December. Pirrit is one of the oldest and most active families of Mac adware and is known to change constantly in an attempt to evade detection, so it’s no surprise that it has already started adapting to M1.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but it collects user data and serves a large number of ads, such as banners and pop-ups, including some that link to malicious websites that spread more malware. Wardle says the adware was signed with an Apple developer ID in November to further hide its malicious content, but the certificate has since been revoked.

Wardle notes that since malware for M1 is still in its infancy, antivirus scanners do not detect it as easily as the x86 versions, and defensive tools such as antivirus engines struggle to process the modified files. The signatures used to detect M1 malware threats have not yet been substantially observed, so security tools for detecting and handling it are not yet available.
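As an added example (not taken from Wardle's report), here is one way a defender can check which Mac executables carry a native arm64 slice, by reading the Mach-O or universal-binary header. The magic and CPU-type constants come from Apple's public headers; the sample byte strings are constructed, and the slice-count limit of 16 is an assumed heuristic for telling universal binaries apart from Java class files.

```python
import struct

# Constants from Apple's <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MH_MAGIC_64 = 0xFEEDFACF
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}


def macho_architectures(data):
    """Return the CPU architectures found in a Mach-O or universal binary."""
    if len(data) < 8:
        return []
    magic_be = struct.unpack_from(">I", data, 0)[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: big-endian header, then one fat_arch entry per slice.
        nfat = struct.unpack_from(">I", data, 4)[0]
        entry = 20 if magic_be == FAT_MAGIC else 32
        # Java .class files share 0xCAFEBABE; an implausible slice count
        # (assumed limit: 16) or a truncated table means "not Mach-O".
        if nfat == 0 or nfat > 16 or len(data) < 8 + nfat * entry:
            return []
        archs = []
        for i in range(nfat):
            cputype = struct.unpack_from(">I", data, 8 + i * entry)[0]
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    if struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64:
        # Thin 64-bit Mach-O: little-endian on both Intel and Apple silicon.
        cputype = struct.unpack_from("<I", data, 4)[0]
        return [CPU_NAMES.get(cputype, hex(cputype))]
    return []


def has_native_arm64(data):
    """True when the file would run natively on Apple silicon."""
    return "arm64" in macho_architectures(data)


# Constructed sample headers (not real binaries), just enough bytes to parse.
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x8000, 14)
             + struct.pack(">IIIII", 0x0100000C, 0, 0xC000, 0x8000, 14))
INTEL_ONLY = struct.pack("<II", MH_MAGIC_64, 0x01000007) + b"\x00" * 24
JAVA_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 52) + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("universal", UNIVERSAL), ("intel-only", INTEL_ONLY),
                       ("java-class", JAVA_CLASS)]:
        print(name, macho_architectures(blob), has_native_arm64(blob))
```

On a real system, pass the first few hundred bytes of each executable to `macho_architectures`; a known adware sample that gains an arm64 slice is a cue to confirm that scanning covers both slices.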

Researchers from the security company Red Canary told Wired that other types of native M1 malware, distinct from Wardle’s findings, have been found and are being investigated.

Only the MacBook Pro, MacBook Air and Mac mini have Apple silicon chips at the moment, but the technology is expected to expand across the Mac range over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips such as the M1 in the near future, it was somewhat inevitable that malware developers would eventually start targeting the new Apple machines.

While the native M1 malware that the researchers found does not appear to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that more are likely to come.

See Wardle’s full report for more information on the first native M1 malware.
