What you need to know
- There's malware out there that is adapting to run natively on the M1 chip.
- The malware in question is "GoSearch22," which disguises itself as a Safari browser extension.
- Never click on suspicious things.
Apple released its own M1 silicon a few months ago and has touted it to be the latest and greatest for the future of the Mac, but it's still susceptible to malware, apparently. That's right — malware that has been specifically tailored to run on M1 Macs has been discovered. This means that malware authors are adapting to Apple's latest technology.
A report by Mac security researcher Patrick Wardle, via Wired, explains all of the details about how this malware has been adapted and recompiled to natively run on the M1 chip. This malware was first discovered in the form of a Safari adware extension that was originally created for Intel x86 chips. "GoSearch22" is the extension in question, and it's apparently a well-known member of the "Pirrit" Mac adware family, first spotted towards the end of December 2020. Considered to be one of the oldest and most active Mac adware families, Pirrit is known to constantly change and evolve in order to evade detection. With this information at hand, it's not surprising that it has adapted to the M1 chip.
With GoSearch22, it will present itself as a legitimate Safari extension, looking innocent on the surface. But as it runs in the background, it will collect user data and deliver a large number of ads and popups, with some linking back to malicious websites to proliferate even more malware. According to Wardle's report, the adware has been signed with an Apple Developer ID last November to avoid detection — this verification has since been revoked.
This new M1 malware is still in the early stages, so it is hard to detect it with antivirus scanners when compared to the x86 versions. Any signatures that are usually used to detect security threats in malware on the M1 has not fully been observed yet, making resources scarce at this time.
The security company, Red Canary, had researchers tell Wired that there are also other types of native M1 malware, different from Wardle's results, have also been found and are currently being investigated.
As of right now, the M1 chip is only found in the MacBook Air, 13-inch MacBook Pro, and the Mac mini. It's expected to expand into the rest of the Mac lineup later this year. As Apple's technology for the Mac continues to evolve, we should also expect malware and other security threats to adapt and target them.
A good first step towards preventing malware and viruses on your Mac is to never click links or attachments that look suspicious.