The first malware designed specifically for its ARM processors is discovered and it proves that even Apple’s M1s are not spared.
Apple’s M1 processor arrived last year and has positioned itself as one of the most important transitions of the Mac and a giant leap in computing. After we witnessed this new chip and the new proprietary architecture, now we see a new malware that can affect the computers using it. Recent research shows what is believed to be the first virus designed specifically for Apple Silicon processors.
One of the features of Apple M1 is that it requires applications written from scratch. This is due to the use of a different architecture based on armx64 and not on x86 as is the case with Intel processor-based computers. But apps are not the only thing that must be adapted, malware must also be rewritten, after all, they are apps.
Patrick Wardle, an independent security researcher, recently published research revealing the first example of malware for Apple M1s. It’s an adware that infects the computer via a Safari extension. The result? Dozens of pop-ups, banners and all sorts of ads when trying to surf the web.
According to Patrick Wardle, the malware is not very harmful per se, it’s more of a light version of what you might encounter. He believes that its creators were looking more to provoke the victim to click and make money from advertising rather than outright stealing money from them.
GoSearch22 is not a new malware, but now effects Macs with Apple M1 processor
GoSearch22, which is the name given to the malware, is not entirely new. According to VirusTotal, which compiles a repository of malware detected to date, it is very similar to one called Pirrit. Pirrit is also relatively harmless and its main attack is to place ads in the browser. However, it is extremely difficult to remove without a high level of expertise.
The researcher uploaded both GoSearch22 and Pirrit to the VirusTotal repository to see if antivirus services recognized them equally. Not so, according to Wardle, about 15% of the antivirus services failed to recognize the Apple M1 version as malware. A warning to antivirus vendors that the M1, being a relatively new processor, does not have to be neglected.
All in all, Apple revoked the installation license of the creator of GoSearch22 and the Safari extension. This means that it cannot be installed again by an Apple user with an M1 computer. It remains to be seen now how long it will take hackers to create a new certified version.