- Apple's M1 chipset is already a target for hackers who want to compromise the new machines.
- An adware installs itself on the Macs and goes by GoSearch22 on M1.
- The M1 chipset was launched on MacBook Air and Pro models last year.
Apple's M1 chipset is here to stay, thanks to the phenomenal performance it delivers over conventional Intel chipsets. But this ARM-based chipset, which powers last year's crop of MacBook Air and Pro models, is already a hacker target. In his new findings, security researcher Patrick Wardle has unearthed what could be the first app that was created specifically to compromise the M1 processor while masquerading as a regular, benign browser extension. The research is startling for the iPhone maker's ambitious chipset because Apple claimed the M1 chipset uses high standards of security to keep malicious actors at bay.
According to Wardle, GoSearch22 is the popular adware that was originally designed for the Intel x86 processors on Mac. It is only a tweaked variant of the popular Mac adware called Pirrit created to run natively on the M1 processor. This adware is said to install itself as a Safari extension and then goes by GoSearch 22 to escape suspicion. It collects data from browsers surreptitiously and throws a deluge of advertisements, coupons, and display pop-ups, leaving the system prone to hackers. But this adware is not fatal to the system right now.
"It seems like fairly vanilla adware," Wardle told Motherboard. He added that the primary goal of this adware is to make financial gains through invasive advertisements, search results, and popups. However, despite its benign nature, chances are high that the developers of this adware update it to pack detrimental and malicious codes. The underway development could be the first for the adware that is supposed to run natively on the M1 processor. Although the M1 chips support apps meant for Intel x86 chips through an emulation software, Apple has urged developers to make apps that can natively run on the processor to harness the maximum resources.
Wardle said he found the malware on VirusTotal, an antivirus testing platform owned by Google parent Alphabet. This adware was uploaded in December for testing but only the x86 version was red-flagged on the platform. However, 15 per cent of these scanners failed to detect that the M1 version of GoSearch22 is also malware. This can only mean that not all virus scanners are designed to identify malware and other threats for the Apple M1 chipset (you can read a detailed review here) at this point in time. Since the app that runs natively on M1 can form better connections with the overall Mac ecosystem, developers are increasingly moving to create these apps.
In words of another security researcher, Thomas Reed, building software for the M1 can be "as easy as flicking a switch in the project settings". This shows that the hackers may not have had to do much to export their adware to run natively on the M1 processor while retaining its nature to secretly hide. GoSearch22 grabbed the Apple developer ID in November but Apple revoked the adware's certificate, so it is going to be hard for the app to be installed on Macs right now.
How to protect yourself from malware?
The best option is to never install anything that looks suspicious. And that can be achieved only when you visit trusted websites. In case a website fails the verification process, you can install web checkers and online security tools that guide you on what website or extension is safe and what is not. You should also avoid downloading content from unverified sources. For apps, either visit the application's original website or go to the App Store on your Mac or MacBook to download them. Apple's macOS software is secure already but you need to be cautious, as well, when browsing the internet.