One of the first malware samples designed to run natively on M1 Macs has been detected, indicating that hackers have begun adapting malware to target Apple's latest generation of Macs powered by its own processors.
While the move to M1 has required developers to build new versions of their applications to ensure performance and compatibility, malware authors are taking similar steps to build malware that executes natively on M1 systems.
Wardle detailed a Safari adware extension called GoSearch22, which was originally written to run on Intel x86 chipsets but has been modified to run on ARM-based M1 chips.
The extension was first seen on November 23, 2020, according to a sample downloaded on December 27 via VirusTotal, the Alphabet-owned antivirus testing platform.
“The extension collects user data and floods the screen with illegal ads, but it can be updated with more harmful functions,” Wardle said.
And while M1 Macs can run applications designed for Intel x86 chips via emulation, many developers are creating native M1 versions of their software.
“The presence of GoSearch22 confirms that the authors of malware or adware are working to ensure that their malware is natively compatible with the latest Apple devices,” Wardle wrote.
Although the development highlights how malware continues to evolve as a direct response to hardware changes, Wardle cautioned that analysis tools or antivirus engines may run into difficulties with arm64 binaries, with detections from security software dropping by 15 percent compared with the Intel x86_64 releases.
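For triage, whether a sample carries native arm64 code can be read directly from its Mach-O header. The following is an added example, not code from the original article or from Wardle's analysis; the function names and the sample header bytes are constructed for illustration.

```python
import struct

# Constants from <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MH_MAGICS = {0xFEEDFACE, 0xFEEDFACF}
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}


def _name(cputype):
    return CPU_NAMES.get(cputype, f"unknown(0x{cputype:08x})")


def macho_architectures(data):
    """Return the CPU architectures a thin or universal Mach-O targets."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic_be = struct.unpack_from(">I", data)[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: big-endian fat_header, then nfat_arch entries.
        nfat = struct.unpack_from(">I", data, 4)[0]
        entry = 20 if magic_be == FAT_MAGIC else 32
        if nfat > 30 or 8 + nfat * entry > len(data):
            # Java class files share 0xCAFEBABE; their version field
            # lands here as a value of 45 or more, so reject large counts.
            raise ValueError("implausible or truncated fat header")
        return [_name(struct.unpack_from(">I", data, 8 + i * entry)[0])
                for i in range(nfat)]
    for endian in ("<", ">"):
        # Thin binary: mach_header is stored in the target's byte order.
        magic, cputype = struct.unpack_from(endian + "II", data)
        if magic in MH_MAGICS:
            return [_name(cputype)]
    raise ValueError("not a Mach-O file")


def has_native_arm64(data):
    """True when the file carries a slice that runs natively on M1."""
    return "arm64" in macho_architectures(data)


# Constructed sample headers (not bytes from any real sample).
FAT_SAMPLE = struct.pack(">II", FAT_MAGIC, 2) \
    + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14) \
    + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14)
THIN_X86 = struct.pack("<II", 0xFEEDFACF, 0x01000007) + b"\0" * 24

if __name__ == "__main__":
    print(macho_architectures(FAT_SAMPLE), has_native_arm64(THIN_X86))
```

A universal binary that lists both `x86_64` and `arm64` should have each slice scanned separately, since a verdict on one slice says nothing about the other.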
The capabilities of the GoSearch22 malicious extension may not be new or dangerous, but the emergence of new M1-compatible malware indicates that this is only the beginning, and more variants are likely to appear in the future.