only existed for a few months, but it did not take long before hackers began targeting the systems. Security researcher Patrick Wardle says he has found a malicious app specifically for the.
He said that the Safari adware extension, called GoSearch22, was originally designed for Intel x86 processors. It turns out to be a variant of the well-known Mac adware Pirrit. Wardle tells that the malware looks “pretty vanilla” – it collects user data and fills the screen with illegal ads – but notes that its developers can update GoSearch22 with more malicious features.
While new Macs can still design applications designed for Intel x86 chips via emulation, there are many developers who create M1 versions of their software. The existence of GoSearch22, Wardle writes, “confirms that malware / adware authors are indeed working to ensure that their malicious creations are originally compatible with Apple’s latest hardware.”
Wardle discovered the malware on the antivirus testing platform VirusTotal, where someone uploaded it in December. The researcher found that although the antivirus scanners of the platform identified the x86 version of the adware as malicious, 15 percent of them did not suspect that the M1 version of GoSearch22 was malware. This indicates that not all antivirus software is completely ready to eradicate malware designed for M1-based systems. Another researcher, Thomas Reed, tells Wired that setting up software for ‘M1 can be as easy as turning a switch in project settings,’ so it looks like hackers may not have to do much to customize their malware for Apple’s latest processor.
According to Wardle, GoSearch22 was signed in November with an Apple Developer ID. However, Apple has revoked the adware certificate, making it difficult for users to install it.