Even Apple’s M1s are not spared: they discover the first malware designed specifically for their ARM processors
The Apple M1 processor arrived last year and has been ranked as one of the most important transitions of the Mac and a gigantic leap in computer science. New chip, new architecture of its own and … new malware. Recent research shows what aims to be the first virus designed specifically for Apple Silicon processors.
One of the characteristics of M1 de Apple is that it requires applications written from scratch. This is due to the use of a different architecture based on armx64 and not on x86 as is the case with computers with an Intel processor. But apps are not the only thing that must adapt, also malware must be rewritten, after all, they are apps.
Patrick Wardle, an independent security researcher, recently posted an investigation that reveals the first example of malware for Apple’s M1s. It is an adware that infects the computer through a Safari extension. The result? Dozens of pop-ups, banners and all kinds of ads when trying to surf the net.
According to Patrick Wardle, malware is not very harmful in itself, it is rather a light version of what one might find. He believes that its creators sought more to provoke the click of the victim and earn money from advertising instead of directly stealing money from them.
An old acquaintance
GoSearch22, which is the name given to the malware, is not entirely new. According to VirusTotal, which collects the malware detected to date in a repository, it is very similar to one named Pirrit. Pirrit is also relatively harmless and its main attack is to place ads in the browser. However, it is extremely difficult to remove without high knowledge in the subject.
The researcher uploaded both GoSearch22 and Pirrit to the VirusTotal repository to see if the antivirus services recognized them equally. It was not, according to Wardle, about 15% of the antivirus failed to recognize the version for the M1 from Apple as malware. A word of advice to antivirus manufacturers that the M1, being a relatively new processor, does not have to be neglected.
All be said Apple revoked the creator’s installation license GoSearch22 and the extension for Safari. This means that it cannot be reinstalled by an Apple user with an M1 computer. It remains to be seen how long the hackers to create a new certified version.