First malware native to the M1 chip detected

Malware specifically adapted to run on Apple's M1 chip has been discovered, suggesting that malware writers are starting to adapt malicious software for Apple's new generation of Macs with Apple silicon.


Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware is starting to be adapted and recompiled to run natively on the M1 chip.

Wardle discovered the first known native M1 malware in the form of a Safari adware extension that was originally written to run on Intel x86 chips. The malicious extension, called 'GoSearch22', is a well-known member of the 'Pirrit' Mac adware family and was first noticed at the end of December. Pirrit is one of the oldest and most active Mac adware families, and it is known to change constantly in an effort to evade detection, so it is not surprising that it has already started to adapt to the M1.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but it collects user data and displays a large number of ads, such as banners and pop-ups, including some that link to malicious websites to spread more malware. Wardle says the adware was signed in November with an Apple Developer ID to further hide its malicious content, but it has since been revoked.

Wardle notes that because malware for the M1 is still at an early stage, antivirus scanners do not detect it as easily as x86 versions, and defensive tools such as antivirus engines struggle to process the modified files. The signatures used to detect malware threats on the M1 have not yet been substantially observed, and the security tools to detect and deal with them are not yet available.
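Code compiled natively for the M1 appears as an arm64 architecture in a Mach-O file, either alone or as one slice of a universal binary. The following added example, which is not from the article or from Wardle's report, reads the Mach-O header and reports which architectures a file carries so that a scanner can tell whether it is looking at x86 code, arm64 code, or both; the function names and the sample bytes are constructed for illustration.

```python
import struct

# CPU type values from <mach/machine.h>
CPU_TYPES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MH_MAGICS = {0xFEEDFACE, 0xFEEDFACF}  # thin 32-bit and 64-bit Mach-O

def cpu_name(cputype):
    return CPU_TYPES.get(cputype, f"unknown(0x{cputype:08x})")

def macho_architectures(data):
    """Return the CPU architectures in a thin or universal Mach-O image."""
    if len(data) < 8:
        return []
    magic_be, count = struct.unpack_from(">II", data, 0)
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: header fields are always big-endian.
        # Java class files share 0xCAFEBABE; their second word holds a
        # class version of 45 or more, so a large count means "not Mach-O".
        if count >= 45:
            return []
        entry = 20 if magic_be == FAT_MAGIC else 32  # fat_arch / fat_arch_64
        if len(data) < 8 + count * entry:
            return []  # truncated architecture table
        return [cpu_name(struct.unpack_from(">I", data, 8 + i * entry)[0])
                for i in range(count)]
    # Thin binary: the header uses the target's byte order, so try both.
    for order in ("<", ">"):
        magic, cputype = struct.unpack_from(order + "II", data, 0)
        if magic in MH_MAGICS:
            return [cpu_name(cputype)]
    return []

def has_native_arm64(data):
    """True when the image carries code compiled for Apple silicon."""
    return "arm64" in macho_architectures(data)

# Constructed sample: universal header with x86_64 and arm64 slices
# (offsets and sizes are made up; no slice contents are present).
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x8000, 14)
              + struct.pack(">IIIII", 0x0100000C, 0, 0x10000, 0x8000, 14))
# Constructed sample: first 8 bytes of a thin little-endian x86_64 Mach-O.
SAMPLE_THIN_X86 = struct.pack("<II", 0xFEEDFACF, 0x01000007)

if __name__ == "__main__":
    print(macho_architectures(SAMPLE_FAT), has_native_arm64(SAMPLE_THIN_X86))
```

On macOS, `file` and `lipo -archs` report the same information for a file on disk.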

Researchers from security company Red Canary tell Wired that other types of native M1 malware, apart from Wardle's findings, were found and investigated.

Only the MacBook Pro, MacBook Air and Mac mini currently have Apple silicon chips, but the technology is expected to expand across the Mac lineup over the next two years. Since all new Macs are expected to feature Apple silicon chips like the M1 in the near future, it was somewhat inevitable that malware developers would eventually start targeting Apple's new machines.

Although the native M1 malware found by researchers does not seem unusual or particularly dangerous, the emergence of these new variants is a warning that more are likely to come.

See Wardle’s full report for more information on the first M1 malware.
