Patrick Wardle, an independent cybersecurity researcher and developer of free security tools analyzed what could be considered the first native application for Mac M1 with malicious code. The application, which turned out to be a new version adapted to the new mac ARM chips in a version compatible with macOS by injecting adware, that is, malicious software that adds advertisements.
This malicious software is installed as an extension for Safari; it is an updated version of an application disguised as GoSearch22. The adware collects browser data and displays all kinds of menus, pop-ups, and so on with intrusive advertisements. It is “very basic,” according to Wardle since all that the hacker is looking to do is profit from advertising revenue.
According to VirusTotal, GoSearch22 is nothing more than an updated version adapted for macOS of very famous adware on the internet, Pirrit.
Amit Serper, another researcher specialized in the field of cybersecurity, determined that although this threat was not dangerous as such, it does enjoy persistence in its attacks, and it is very difficult to eliminate it from the system by an average user.
Wardle warns of precisely this. Added to this fact is that not all antivirus are adapted for the ARM architecture, and they are responsible for detecting malicious software on our computer. In fact, Wardle himself did his tests; He separated the old version of Pirrit from the new one, uploaded them to VirusTotal, and found that around 15 percent of antiviruses were not detecting the new version as malware.