Apple M1 gets its first malware

There has been a rise in the amount of malware geared towards Apple computers, including adware and ransomware specifically designed to target Macs. Apple devices, known for their impressive security features, are constantly being studied by attackers to see how they can get past Apple’s defenses. Recently, hackers showcased malware that targets Apple’s new M1 processors, which debuted for MacBook Pro, Mac Mini, and MacBook Air in November 2020.

Since 2005, Apple has been using the Intel x86 architecture to power its computers, but the new Apple M1 chip will allow the tech giant to craft security protocols specifically for Mac. Because of this, developers have needed to produce versions of their software that can run “natively” on M1. Otherwise, the software has to run through an Apple emulator called Rosetta 2 to function properly. Perhaps inspired by legitimate developers’ efforts to accommodate the new M1 chip, attackers have begun making the switch as well so that their malware can adapt.

On February 14, 2021, Patrick Wardle, a Mac security researcher, posted about a malicious extension called GoSearch22 that was repurposed to run on M1 chips. The Safari adware extension was originally built for Intel x86 chips, but it seems that attackers have adapted it to run on Apple’s new M1 processors. According to Wardle, the reinvention of this adware extension is indicative of how malware authors are evolving and adapting to keep up with Apple’s latest software updates. The strain that Wardle discovered is not alone, however: security firm Red Canary seems to have found another strain of malware geared specifically towards M1 computers.

Macs will be relying on M1 chips from this point forward, so it’s not a surprise that malware authors are developing code to infiltrate M1 computers. The revamped adware was uploaded to VirusTotal, an antivirus testing platform, just a little over a month after the M1 laptops were released to the public. The GoSearch22 extension pretends to be a legitimate browser extension for Safari users, but it collects user data and spams the user with ads that lead to malicious websites.

Additionally, according to Wardle, the malicious extension was connected to an Apple developer ID, which is a paid account that enables Apple to keep tabs on all of its developers. Apple has refused to respond to Wardle’s discoveries. However, GoSearch22’s certificate has been rescinded.

Malware developed specifically for M1 chips was not inevitable, and users need to be aware that such malware already exists. Earlier this year, roughly 30,000 of Apple’s new computers were already hit by an M1-designated malware called “Silver Sparrow”.

Now, the M1 malware isn’t regarded as a major threat yet, but its appearance is indicative of more of its kind to come. Security developers may need to work double-time to come up with the tools for users to better detect and combat the native malware.


Misha Fabian

Athlete | Performer | Writer
