Malware built specifically to run on Apple’s M1 chip has been discovered, indicating that malware authors have begun adapting their code for Apple’s new generation of Macs that use Apple silicon.
Mac security researcher Patrick Wardle has now published a report that explains in detail how malware has begun to be adapted and recompiled to run natively on the M1 chip.
Wardle discovered the first known native M1 malware, which was originally written to run on Intel x86 chips. The malicious extension is “GoSearch22”, a well-known member of the “Pirrit” Mac adware family, and was first discovered at the end of December. Pirrit is one of the oldest and most active Mac adware families and has always been known for constantly changing to avoid detection, so it is not surprising that it has begun to adapt to the M1.
The GoSearch22 adware poses as a legitimate Safari browser extension, but it collects user data and serves a large number of advertisements, such as banners and pop-up windows, including some that link to malicious websites in order to spread more malware. Wardle said that the adware was signed with an Apple developer ID in November to further hide its malicious content, but the ID has since been revoked.
Wardle pointed out that since M1 malware is still in its early stages, anti-virus scanners do not detect it as easily as the x86 version, and anti-virus engines and other defense tools are also struggling to process the modified files. The signatures used to detect malware threats on the M1 chip have not yet been substantively observed, so security tools to detect and handle it have not yet appeared.
Researchers from the security company Red Canary told Wired that other types of native M1 malware, different from Wardle’s findings, have also been discovered and that investigations are ongoing.
Currently, only the MacBook Pro, MacBook Air and Mac mini use Apple silicon chips, but this technology is expected to expand to the entire Mac product line in the next two years. Given that all new Mac computers will use Apple silicon chips like the M1 in the near future, it is to some extent inevitable that malware developers will eventually begin to target Apple’s new machines.
Although the M1 native malware discovered by the researchers does not seem to be unusual or particularly dangerous, the emergence of these new variants serves as a warning that more malware may appear.