The first malware infecting Apple’s M1 processor was spotted

Many people would argue that the Mac is more secure than Windows. While this is largely true, Mac malware has been gradually increasing over the past few years, and the trend has become alarming. A new piece of malware has now been spotted that is reportedly the first malicious software targeted at Apple’s new M1 processor.

The new ARM-based M1 chipset was unveiled late last year in the new MacBook Pro, MacBook Air and Mac Mini, and has been praised for outstanding performance compared to comparable Intel chips. The transition to ARM has enabled Apple to move away from the Intel x86 architecture it has used since 2005 and to integrate certain security features directly into its processors. This architectural change has pushed developers to produce new versions of their software that run natively on the M1 chip rather than being translated through Apple’s Rosetta 2 emulator. It is not surprising that malware authors have also adapted to this transition, according to a report from Wired.

A report by Mac security researcher Patrick Wardle explains how malware can be easily adapted and rebuilt to run on the M1 chip. The first M1 malware is apparently a Safari adware extension called ‘GoSearch22’, which was originally written to run on Intel x86 chips. It is said to be part of the “Pirrit” Mac adware family, one of the oldest and most active Mac adware families, which constantly changes to evade detection.
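When triaging a suspicious Mac binary, one way to tell whether it has been rebuilt for the M1 rather than relying on Rosetta 2 is to read the architectures listed in its Mach-O header. The following is an added example, not code from the original article or from Wardle's report; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# CPU type constants as defined in Apple's <mach/machine.h>
CPU_TYPES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # universal ("fat") binaries
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF}             # 32-bit and 64-bit Mach-O


def _name(cputype):
    return CPU_TYPES.get(cputype, "unknown(0x%08x)" % cputype)


def macho_architectures(data):
    """Return the CPU architectures in a thin or universal Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic_be, nfat = struct.unpack(">II", data[:8])
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # The universal header is always big-endian: magic, nfat_arch, entries.
        entry = 20 if magic_be == FAT_MAGIC else 32
        # Java class files share 0xCAFEBABE; their version field reads as a
        # large "slice count", so an implausible count is rejected (heuristic).
        if nfat == 0 or nfat > 32 or len(data) < 8 + nfat * entry:
            raise ValueError("not a plausible universal Mach-O header")
        offsets = (8 + i * entry for i in range(nfat))
        return [_name(struct.unpack(">I", data[o:o + 4])[0]) for o in offsets]
    for endian in ("<", ">"):
        # A thin header starts with magic then cputype, in the file's byte order.
        magic, cputype = struct.unpack(endian + "II", data[:8])
        if magic in THIN_MAGICS:
            return [_name(cputype)]
    raise ValueError("not a Mach-O file")


def runs_natively_on_m1(data):
    """True if the image contains an arm64 slice (no Rosetta 2 translation)."""
    return "arm64" in macho_architectures(data)


# Constructed sample headers (not real samples): an Intel-only binary and a
# universal binary carrying both x86_64 and arm64 slices.
INTEL_ONLY = struct.pack("<II", 0xFEEDFACF, 0x01000007) + b"\x00" * 24
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">IIIII", 0x01000007, 3, 0x4000, 0x1000, 14)
             + struct.pack(">IIIII", 0x0100000C, 0, 0x8000, 0x1000, 14))
JAVA_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 52) + b"\x00" * 64
```

On macOS the same information is reported by `file` and `lipo -archs`; the parser is useful when samples are examined on another platform.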

The adware disguises itself as a legitimate Safari browser extension. At the same time, it collects user data and serves a large number of ads, including banners and pop-ups that link to malicious websites loaded with more malware. It is noteworthy that GoSearch22 was signed in November 2020 with an Apple Developer ID, but the certificate has since been revoked. Furthermore, Wardle suggests that malware for the M1 is at a very early stage, and that the signatures used to detect malware threats on the M1 chip have mostly not been observed yet. Antivirus scanners and defensive tools are therefore largely ineffective against it, as most of them struggle to process the modified files correctly. GoSearch22 is not the only M1 malware: researchers from the security company Red Canary indicate that other such malicious software is still being investigated.
