macOS has always been one of the most secure operating systems on the market. However, that does not mean that it cannot be attacked, in fact it has always been thought that it is an extra motivation for hackers. Being one of the most secure systems, it is a temptation for the friends of the other computer speaking. The same thing happens to the Apple Silicon M1, being a new and more secure system it is difficult to attack it but not impossible. It has been found the first Malware to affect Apple Silicon M1.
Former NSA investigator Patrick Wardle has recently praised Apple for the safety of its M1 processor and we also know that the number of malware on this system has dropped operational. Still, he has discovered evidence of hackers creating specific malware for him. Wardle discovered the existence of GoSearch22.app, a native M1 version of the Pirrit virus. This version appears to have been aimed at displaying ads and collecting data from the user's browser.
We have confirmed that malicious adversaries are building multi-architecture applications. This way your code will run natively on M1 systems. The malicious application GoSearch22 may be the first example of this natively M1 compatible code. The creation of these types of applications is remarkable for two main reasons. First (and not surprisingly), this illustrates that malicious code continues to evolve in direct response to hardware and software changes coming out of Cupertino. Second, and more worryingly, analysis tools (static) or antivirus engines may have trouble detecting this new malware.
Current antivirus systems that could detect the Intel versions of this Pirrit virus, could not identify it in the Apple Silicon M1 version. This is because Apple has revoked the developer's certificate so that it cannot be run. At the moment it is not known how we could eliminate this virus in the new Macs. Due to its new architecture, we must wait for the antivirus developers to create a specific one for M1. It is what has to be so special.
