Researcher Patrick Wardle said he had searched through the VirusTotal database and identified a macOS program that was written in native M1 code and was identified as malicious.
The M1 processor uses ARM- based architecture and thus apps developed for Mac have to be now translated through Apple's Rosetta 2 engine or else new native apps have to be created.
The application Wardle identified, called GoSearch22, is a variant of the Pirrit adware family that is a common threat targeting Mac users.
The Slovakian security firm ESET said GoSearch22 had been submitted to VirusTotal at the end of December 2020, just a month after the Mac M1 launch.
“Rather awesomely, if we analyse details of the VirusTotal submission, it turns out this sample was submitted (by a user) directly through one of Objective-See’s tools (likely KnockKnock) …after the tool flagged the malicious code, due to its persistence mechanism,” Wardle said.
Objective See refers to Wardle's own site. He creates free security tools for OSX.
"This means that the malware has been detected in the wild and macOS users might have been infected," he said.
“...we confirmed that malicious adversaries are indeed crafting multi-architecture applications so that their code will natively run on M1 systems. The malicious GoSearch22 application may be the first example of such natively M1 compatible code,” he added.