First Malware Designed for Apple M1 Chip Discovered in the Wild


The new Apple M1 CPU laptops are barely off the fabrication line, but hackers have already written, and are currently testing, new malware code for them. What makes the malware unique is that it is specifically designed to run natively on the ARM-based M1 CPUs. The discovery has confirmed everyone's suspicions that viruses and malware are openly being developed to target Apple’s new architecture.

A new architecture calls for a new operating system and new applications. Software manufacturers began porting their popular software packages over to the new OS. Not to be outdone, hackers have already begun porting their old virus and malware code over to the new OS and architecture as well. With new devices come new users, and plenty of new victims for hackers to take advantage of.


GoSearch22, a malicious Safari browser extension, was originally written for Intel x86 CPUs. The malware, which is part of the Pirrit family of viruses, has now been ported to run on the new M1 CPUs as well. According to virus-tracking organizations, it was discovered and first seen in November 2020. Pirrit, first documented in 2016, is notorious for pushing intrusive and deceptive advertisements to users. Users who interact with the malware, even by accident, allow it to download and install various unwanted apps. These apps gather and steal users' personal information, such as credit card numbers.

Hackers are expanding their toolkit of viruses so that they can infect multiple architectures. Being able to run viruses and malware locally and natively on a specific architecture minimizes the chances of their being detected. The malware was actually signed with an Apple Developer ID, ‘hongshen_yan’, in order to conceal its malicious content. Luckily, Apple was able to identify it and stop the application from running on macOS. But this does not stop other hackers from signing these types of apps with other certificates.
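For triage, the architectures a Mach-O sample can run on natively are recorded in its header, so a defender can check for an arm64 slice without executing the file. The Python sketch below is an added example, not code from this article or from any vendor. The function names and the sample header bytes are constructed for illustration.

```python
import struct

# CPU type constants as defined in Apple's <mach/machine.h>
CPU_TYPES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF}  # 32-bit and 64-bit mach_header


def macho_archs(data: bytes) -> list[str]:
    """Return the CPU architectures a Mach-O file carries code for."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: big-endian header, then one fat_arch per slice.
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java .class files share 0xCAFEBABE; their next four bytes hold a
        # version that reads as 45 or more, so reject implausible counts.
        if nfat == 0 or nfat >= 45:
            raise ValueError("not a universal Mach-O (implausible slice count)")
        entry = 20 if magic_be == FAT_MAGIC else 32  # fat_arch / fat_arch_64
        if len(data) < 8 + nfat * entry:
            raise ValueError("truncated fat_arch table")
        archs = []
        for i in range(nfat):
            cputype = struct.unpack_from(">I", data, 8 + i * entry)[0]
            archs.append(CPU_TYPES.get(cputype, hex(cputype)))
        return archs
    # Thin binary: the header is stored in the target's own byte order.
    for endian in ("<", ">"):
        magic, cputype = struct.unpack(endian + "II", data[:8])
        if magic in THIN_MAGICS:
            return [CPU_TYPES.get(cputype, hex(cputype))]
    raise ValueError("not a Mach-O file")


def has_native_arm64(data: bytes) -> bool:
    """True when the file contains code built for Apple Silicon (arm64)."""
    return "arm64" in macho_archs(data)


# Constructed sample headers (not real binaries): a universal file with
# x86_64 and arm64 slices, and a thin little-endian x86_64 file.
UNIVERSAL = (struct.pack(">II", FAT_MAGIC, 2)
             + struct.pack(">5I", 0x01000007, 3, 0x4000, 0x1000, 14)
             + struct.pack(">5I", 0x0100000C, 0, 0x8000, 0x1000, 14))
THIN_X86 = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 0, 0, 0, 0)

if __name__ == "__main__":
    for name, blob in (("universal", UNIVERSAL), ("thin", THIN_X86)):
        print(name, macho_archs(blob), has_native_arm64(blob))
```

On a real sample, pass the first few hundred bytes of the file (read in binary mode) to `macho_archs`; the slice table sits at the very start of the file.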

Just because the M1 is a new CPU on the block doesn’t mean it is immune to the new malware and virus code that is actively being developed and is already out there, ready to attack. As computer architecture evolves, viruses and malware evolve with it. All users should minimize the risk of being infected by running anti-virus software and using common sense before visiting websites that they are not familiar with.