Home / Mac / News
News

M1 Macs face first recorded malware

Adware has emerged that runs natively on M1 Macs - and it won't be the last
By Stephan Wiesend
Macworld FEB 19, 2021 8:04 am PST
Computerworld

It was probably only a matter of time. As the security specialist Patrick Wardle reports, the first adware for M1 Macs has been recorded.

The malware, based on the adware Pirri and known as GoSearch22, was specially compiled for Apple’s ARM platform and makes unwanted adverts display. The malware, first reported to the antivirus platform VirusTotal in December, was called GoSearch22 and was even signed with a developer certificate from Apple. (Apple has since withdrawn this certificate, so the malware would no longer be executable.)

The fact that the first ARM malware is adware is not really surprising. Adware of this type often disguises itself as a browser extension that the user installs themselves; it then changes the browser settings and shows targeted adverts and sometimes also collects user data. Obviously a profitable business, the adware is also active on other platforms and is constantly being adapted.

It’s very unlikely that this is the only M1 malware. Researchers at Red Canary tell Wired that they are investigating a second possibility, and malware authors in general have clearly started work on porting their malware. (It’s since emerged that Red Canary spotted a previously undetected piece of malware named Silver Sparrow, which it calls “reasonably serious”.)

Wardle sees it as worrying that current antivirus software and monitoring tools still have problems analysing the ARM version of the malware.

As usual with apps for Apple’s platform, the adware consists of an Intel and an ARM version. Wardle checked the files individually in a test with the VirusTotal platform, and while most virus scanners would have had no problem recognising the Intel version, he said, the ARM version’s recognition fell by 15%.

Our view

The first malware on Apple’s new platform is adware – that’s no surprise. Apple’s new computers are very safe, but the user is not completely safe from adware, and should only install tools or extensions from verified sources.

For general advice read our Mac security tips. And catch a bargain with our guide to the best M1 Mac deals.

Apple has showcased the new security features of the M1 Macs in a Security Guide, read: M1 safer than Intel Macs: Apple’s Security Guide to find out how the security features of the M1 and Intel Macs compare.

This article originally appeared on Macwelt. Translation by David Price.