M1 Malware Has Arrived


Now that Apple has officially begun the transition to Apple Silicon, so has malware.

Security researcher Patrick Wardle published a blog post detailing that he had found a malicious program called GoSearch22, a Safari browser extension that has been reworked for Apple’s M1 processor. (The extension is a variant of the Pirrit adware family, which is notorious on Macs.) Meanwhile, a new report from Wired also cites other security researchers who have found other instances of native M1 malware, distinct from Wardle’s findings.

The GoSearch22 malware was signed with an Apple Developer ID on November 23, 2020, shortly after the first M1 laptops were unveiled. Having a developer ID means that a user who downloads the malware would not trigger Gatekeeper on macOS, which notifies users when an application they are about to download may not be safe. Developers can take the extra step of submitting apps to Apple to be notarized for further confirmation. However, Wardle points out in his write-up that it is unclear whether Apple ever notarized the code, as the GoSearch22 certificate has since been revoked. Unfortunately, he also writes that since this malware was detected in the wild, regardless of whether Apple notarized it, “macOS users were infected.”

The program itself seems to behave like standard adware. That is, if you are infected, you may see things such as coupons, banners, pop-up ads, surveys, and other types of ads that promote shady websites and downloads. This type of malware also usually collects your browsing data, such as IP addresses, sites you’ve visited, search queries, and so on.

This is to be expected, and no, if you have a computer powered by the M1, you still shouldn’t panic. To back up a bit, the M1 processor’s chip architecture is based on ARM, whereas Apple previously relied on Intel’s x86 architecture. In making the change, Apple promised super-fast performance and built-in security. And while we found that M1 chips gave impressive results in our benchmark tests, it’s also clear that the chip is held back by limited software compatibility. Most apps out there right now weren’t developed to run natively on the M1 and require Apple’s Rosetta 2, which automatically translates software written for Intel chips into something the M1 understands. To get the best performance Apple promises, software has to be optimized for the M1 chip. That’s why developers are working on creating native M1 versions of their software. Naturally, malware developers also want their malware to run at full capacity on M1 devices.
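To make the native-versus-Rosetta 2 distinction concrete, here is an added example (not from the article or from Wardle's research) that reads a Mach-O header and reports whether a binary carries an arm64 slice or only Intel code. The function names and the sample header bytes are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/fat.h>, <mach-o/loader.h>, <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE                      # universal header, big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
X86_64, ARM64 = 0x01000007, 0x0100000C
CPU_NAMES = {0x7: "i386", X86_64: "x86_64", 0xC: "arm", ARM64: "arm64"}

# Constructed sample headers for the demo (not bytes from any real sample).
THIN_X86_64 = struct.pack("<II", MH_MAGIC_64, X86_64) + bytes(24)
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">5I", X86_64, 3, 0x4000, 0x1000, 14)
             + struct.pack(">5I", ARM64, 0, 0x8000, 0x1000, 14))
JAVA_CLASS = struct.pack(">IHH", FAT_MAGIC, 0, 52) + bytes(8)


def macho_archs(data):
    """Return the CPU architectures in a Mach-O file, or [] if not Mach-O."""
    if len(data) < 8:
        return []
    magic_be, count = struct.unpack(">II", data[:8])
    if magic_be == FAT_MAGIC:
        # Java .class files share this magic; their second word is a class
        # version (45 or higher), so a large count is treated as not Mach-O.
        # The cut-off of 30 is a heuristic chosen for this example.
        if count == 0 or count > 30 or len(data) < 8 + 20 * count:
            return []
        archs = []
        for i in range(count):              # each fat_arch entry is 20 bytes
            cputype = struct.unpack(">I", data[8 + 20 * i:12 + 20 * i])[0]
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    for endian in ("<", ">"):               # thin file, either byte order
        magic, cputype = struct.unpack(endian + "II", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [CPU_NAMES.get(cputype, hex(cputype))]
    return []


def execution_path_on_m1(data):
    """Classify how an M1 Mac would run this file."""
    archs = macho_archs(data)
    if not archs:
        return "not-macho"
    if "arm64" in archs:
        return "native"                     # runs directly on Apple Silicon
    if "x86_64" in archs:
        return "rosetta2"                   # Intel-only, needs translation
    return "unsupported"                    # e.g. 32-bit i386 only
```

Running `execution_path_on_m1` over the executables in a download or quarantine folder shows which ones were built natively for Apple Silicon and which would go through Rosetta 2.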

The good news is that security researchers and vendors are also working to develop methods to detect M1 malware. According to Wired, however, you should expect some lag in detection rates when trying to find new types of malware. Given this inevitable delay, it is troubling that malware authors have been able to move quickly from Intel to Apple Silicon. To date, the native instances of M1 malware that have been found are not significant threats. But! The M1 has only been around for a few months, and there are likely to be more malicious variants on the way. Surely, security vendors will eventually catch up and update detection tools to keep consumers safe. In the meantime, if you have an M1-powered laptop, it’s a good idea to double down on your security hygiene and think twice about what you click.
