First Native M1 Mac Malware Detailed

The first malware for M1-based Macs has been discovered as detailed by security researcher Patrick Wardle. This shows that malware and adware authors have started working on new malware/adware for M1 Macs.

Wardle found a Safari adware extension native to M1 Macs called “GoSearch22” which contains adware from the “Pirrit” family. An x86-Intel version of this adware for Intel Macs has been out there for a few years now. This is one of the oldest and most popular Mac adware out there and its code constantly keeps changing to evade detection. The adware was first discovered on M1 Macs towards the end of December.

The GoSearch22 Safari extension collects user data in the background and shows a plethora of ads to users including banner and popup ads. Some of these ads also link to malicious websites. The extension was signed using an Apple Developer ID in November last year but its authorization has since been revoked.

Below is a description of GoSearch22 from PCRisk:

“When users have apps like GoSearch22 installed on a browser and/or the operating system, they are forced to occasionally see coupons, banners, pop-up ads, surveys, and/or ads of other types. Quite often ads by apps like GoSearch22 are designed to promote dubious websites or even download and/or install unwanted apps by executing certain scripts. Moreover, adware-type apps like GoSearch22 tend to be designed to collect browsing data. For instance, details like IP addresses, addresses of visited web pages, entered search queries, geolocations, and other browsing-related information.”

Wardle notes that since anti-virus apps for M1 Macs are currently not as mature and sophisticated as their x86 counterpart, they are not able to detect such malware easily. This is not the only M1 Mac Malware out there though. Red Canary security researchers believe that there are other malware for M1 Macs out there as well which are currently being researched upon.

As of now, this GoSearch22 malware for M1 Mac is not a threat in itself. You can always keep your Mac protected by not installing unknown Safari extensions and apps on it. However, this does show that malware and adware are now being written for M1 Macs so you should follow the same security measures that one takes on any device to keep it safe.

[Via Objective-See, Wired]