Wardle has found GoSearch22.app– it’s simply the M1 chip version of the Pirrit adware. While it’s not malicious enough, Pirrit adware is known to track user behaviour and collect user data to show ads.
So, how can this malware affect new MacBook users? Wardle explained in his blog, “When users have apps like GoSearch22 installed on a browser and/or the operating system, they are forced to occasionally see coupons, banners, pop-up ads, surveys, and/or ads of other types. Quite often ads by apps like GoSearch22 are designed to promote dubious websites or even download and/or install unwanted apps by executing certain scripts.”
As far user data is concerned, the Pirrit adware can harvest details like “IP addresses, addresses of visited web pages, entered search queries, geolocations, and other browsing-related information.”
M1 chip is based on ARM AArch64 instruction set architecture and in order for a binary to natively run on an M1 system, developers need to compile it as an Mach-O 64-bit arm64 binary. In other words, “developers must (re)compile their applications.” And the first “recompiled” may be existing since November 2020 and it has just been discovered.
Meanwhile, the overall malware attack on Apple Mac systems decreased by 38% worldwide while spyware attacks on Windows systems increased dramatically as per the 2021 State of Malware Report by antivirus solution provider Malwarebytes.
“Overall Mac detections decreased by 38%, though Mac detections for businesses increased 31%. Malware accounted for just 1.5% of all Mac detections in 2020—the rest can be attributed to Potentially Unwanted Programs (PUPs) and Adware,” said the report.