The first malware to infect Apple’s M1 processor has been spotted

Many people would argue that Mac is comparatively more secure than Windows. While this is largely true, the past few years have seen a steady increase that has become a cause for concern. New malware has now been spotted, believed to be the first such malware targeting Apple’s new M1 processor.

Debuting late last year on the new MacBook Pro, MacBook Air, and Mac Mini, the new ARM-based M1 chipset has been praised for delivering excellent performance compared to similar chipsets from Intel. The transition to ARM allowed Apple to move away from Intel’s x86 architecture from 2005 and integrate some security features directly on its processors. This change in architecture forced developers to create newer versions of their software to run natively on the M1 chipset rather than translating them through Apple’s Rosetta 2 emulator. Unsurprisingly, malware creators have adapted to this transition as well, according to a report by Wired.

Mac Security Researcher Patrick Wardle’s report explains how malware can be easily adapted and recompiled to run natively on the ‌M1‌ chip. The first M1 malware is apparently a Safari adware extension called “GoSearch22”, originally designed to run on Intel x86 chips. It is said to be part of the “Pirrit” Mac adware family, one of the oldest and most active Mac adware families that is constantly evolving to escape detection.

The adware disguises itself as a legitimate Safari browser extension. Simultaneously, it collects user data and induces a large number of ads including banners and pop-ups that link to malicious websites flooded with more malware. It should be noted that GoSearch22 was signed with an Apple Developer ID in November 2020, but its certificate has since been revoked. In addition, Wardle suggests that the malware for the “M1” is at a fairly early stage, and the signatures used to detect malware threats on the “M1” chip have not yet been observed. Thus, there is no need to use antivirus and defensive tools as most of them struggle to properly process modified files. GoSearch22 isn’t the only M1 malware, as researchers at security firm Red Canary suggest that more malware is currently under investigation.