First Malware Infecting Apple M1 Chip Appears: Here’s What We Know


Several people claim with evangelical fervor that Mac devices are safer than Windows, and a recent report by Malwarebytes corroborates the claim. However, today, the first malware targeting Apple’s latest M1 SoCs has been spotted by security researchers. This could be a turning point for Apple, and we might see a different report next year because of it.

Here’s what we know so far about the first malware that could bring down your M1-powered MacBook:

GoSearch22: The Malicious Extension Posing Threat To Apple’s New M1 Chip

When Apple shifted to its own silicon and parted ways with Intel, it also moved away from the Intel x86 architecture that developers have used to create apps for Macs since 2005. This move also allowed developers to integrate security features right into the processor, which wasn’t possible earlier. In order to run apps natively on M1-powered Macs, they have to be recompiled using the Rosetta emulator. Now, developers can build applications that run ‘natively’ on M1 processors without translating x86_64 (Intel) instructions into native arm64 instructions.

It seems that hackers have also engineered a technique to tailor malware for M1 chips using the transition.

Popular Mac security researcher Patrick Wardle has published a report on his website detailing the incredibly easy process of adapting and recompiling malware to run natively on the M1 chipset. He spotted a malicious Safari extension named “GoSearch22”, originally made to run on Intel x86 architecture, which has been re-engineered to run on the M1 processor.
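
A first triage check for the shift described above is whether a Mach-O binary carries a native arm64 slice. The parser below is an added example, not code from the article or from Wardle's report; the function names and the sample headers are constructed for illustration.

```python
import struct

# Values from Apple's <mach-o/fat.h>, <mach-o/loader.h>, <mach/machine.h>.
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF  # universal header, big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF    # thin 32-bit / 64-bit image
CPU_NAMES = {7: "i386", 12: "arm", 0x01000007: "x86_64", 0x0100000C: "arm64"}
MAX_SLICES = 20  # heuristic: Java .class files also start with 0xCAFEBABE

def macho_archs(data):
    """Return the CPU architectures of a thin or universal Mach-O image."""
    if len(data) < 8:
        return []
    magic, count = struct.unpack_from(">II", data, 0)
    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        if not 0 < count <= MAX_SLICES:
            return []
        entry = 20 if magic == FAT_MAGIC else 32  # fat_arch vs fat_arch_64
        archs = []
        for i in range(count):
            off = 8 + i * entry
            if off + entry > len(data):
                return []  # truncated slice table
            (cputype,) = struct.unpack_from(">I", data, off)
            archs.append(CPU_NAMES.get(cputype, hex(cputype)))
        return archs
    for endian in "<>":  # thin header is stored in the target's byte order
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [CPU_NAMES.get(cputype, hex(cputype))]
    return []

def classify(data):
    """Label a binary for triage on an Apple silicon Mac."""
    archs = macho_archs(data)
    if not archs:
        return "not Mach-O"
    if "arm64" in archs:
        return "native arm64 code present"
    return "no arm64 slice"

# Constructed sample headers (not real binaries, no code follows them).
THIN_X86_64 = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, 0, 0)
THIN_ARM64 = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 0, 0, 0, 0)
UNIVERSAL = struct.pack(">2I", FAT_MAGIC, 2) + struct.pack(
    ">10I", 0x01000007, 3, 0x4000, 0x1000, 14, 0x0100000C, 0, 0x8000, 0x1000, 14)
JAVA_CLASS = bytes.fromhex("cafebabe00000034") + b"\x00" * 8
```

On a real file, pass the first few hundred bytes read in binary mode to `classify`; scanners that only inspect the x86_64 slice of a universal binary will not see what the arm64 slice contains.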

According to Patrick, GoSearch22 belongs to the infamous Pirrit Mac adware family, which is known for its evasion techniques that help it avoid detection by security researchers.

The GoSearch22 extension looks like a normal extension, but in the background it collects all user data and floods users with ads and popups that could lead to other malicious websites.

Patrick found in his research that the extension was signed with an Apple developer ID on November 23, 2020, but Apple has already revoked the certificate of the extension.

Tony Lambert, an intelligence analyst at Red Canary, says, “Watching malware make the transition from Intel to M1 rapidly is concerning because security tools aren’t ready to deal with it.”

As per Patrick, GoSearch22 isn’t the only malware that has been adapted to run on Apple M1 chips. There are many more to come, and threat detection tools need to gear up for forthcoming Apple M1 malware.

Source: Wired

Anmol Sachdeva

Anmol is a tech journalist who handles reportage of cybersecurity and Apple and OnePlus devices at Fossbytes. He's an ambivert who is striving hard to appease existential crisis by eating, writing, and scrolling through memes.