A researcher has spotted the first piece of Mac malware that appears to have been created specifically for devices with Apple’s recently introduced M1 chip.
The malware was discovered by Patrick Wardle, a cybersecurity researcher who specializes in Apple products. Wardle has developed several free and open source security tools for Macs, and came up with the idea to look for malware designed to run natively on M1 systems while rebuilding his tools for native M1 compatibility.
The M1 system-on-chip (SoC), unveiled by Apple in November 2020, is designed for increased performance, as well as better security, with the Cupertino, Calif.-based tech giant claiming that it includes security protections built deep into its code execution architecture.
The M1 chip uses the arm64 CPU architecture and apps developed specifically for Macs powered by the M1 contain arm64 code. Wardle searched Google’s VirusTotal malware analysis service for such samples and discovered an app named GoSearch22, which turned out to be a variant of Pirrit, a piece of adware that has been around for several years.
The sample discovered by the researcher, submitted in late December 2020, had been signed with an Apple developer ID and it had apparently been detected in the wild. The adware variant developed for M1 systems was designed to install itself as a Safari extension, and packed various anti-analysis capabilities.
A small experiment conducted by Wardle also showed that static analysis tools and anti-malware engines could have trouble analyzing and detecting arm64 malware, compared to x86_64 binaries.
“Apple’s new M1 systems offer a myriad ..