This new native malware was first detected in the wild on December 27, weeks after the first M1 Macs launched. Therefore, it’s entirely possible that some folks were infected.
Former NSA security researcher Patrick Wardle, writing on his Objective-See blog:
So hackers have definitely begun recompiling malware for M1 Macs.
It is no secret that malware can affect Mac computers, and this example reinforces that notion. In his blog post, the security researcher dives deep into the technicalities behind identifying malware that’s built to execute natively on Apple’s M1 laptop chip.
Here’s How It Works
We won’t bore you with details beyond saying he’s used the file tools in macOS to examine malware binaries until he could identify native M1 code in one. Identified as malicious, “GoSearch22” has become the first malware truly optimized for Apple silicon Macs.
Considering “GoSearch22” is a form of the rather insidious “Pirrit” adware, it’s definitely not as innocuous as it might seem at first blush. According to Wardle, this particular strain of the “Pirrit” adware appears to persist as a launch agent.
Should I Be Concerned?
It also installs itself as a malicious Safari extension, he continued.
Another point of concern, according to the security researcher, could be the fact that the current anti-virus engines struggle with native Apple silicon code. On the upside, Wardle highlights the importance of the security measures built into macOS.
Your key takeaway should be that malware creators have started compiling their code to run natively on Apple’s latest Mac hardware. And that could prove problematic for some people because defensive security tools currently struggle to detect Apple silicon binaries.
