First Malware Running Natively on M1 Chip Discovered

by

Malware specifically tailored to run on Apple's M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.

macbook air m1 unboxing feature
Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware has started to be adapted and recompiled to run natively on the ‌M1‌ chip.

Wardle discovered the first known native ‌M1‌ malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the ‌M1‌.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but collects user data and serves a large number of ads such as banners and popups, including some that link to malicious websites to proliferate more malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.

Wardle notes that since malware for the ‌M1‌ is still at an early stage, antivirus scanners are not detecting it as easily as x86 versions and defensive tools like antivirus engines are struggling to process the amended files. The signatures used to detect threats from malware on the ‌M1‌ chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available.

Researchers from security company Red Canary told Wired that other types of native ‌M1‌ malware, distinct from Wardle's findings, have also been found and are being investigated.

Only the MacBook Pro, MacBook Air, and Mac mini have Apple silicon chips at this time, but the technology is expected to expand across the Mac lineup over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips like the ‌M1‌ in the near future, it was somewhat inevitable that malware developers would eventually start to target Apple's new machines.

While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.

See Wardle's full report for more information about the first M1-native malware.

Tags: Apple Silicon Guide, M1 Guide

Popular Stories

iPhone Pocket Short

iPhone Pocket is Now Completely Sold Out Worldwide

Tuesday November 25, 2025 7:16 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. However, it is now completely sold out in all countries where it was released. iPhone Pocket became available to order on Apple's online store starting Friday, November 14, in the United States, France, China, Italy, Japan, Singapore, ...
Read Full Article138 comments
New Intel Logo

Apple and Intel Rumored to Partner on Mac Chips Again in a New Way

Friday November 28, 2025 7:33 am PST by
While all Macs are now powered by Apple's custom-designed chips, a new rumor claims that Apple may rekindle its partnership with Intel, albeit in a new and limited way. Apple supply chain analyst Ming-Chi Kuo today said Intel is expected to begin shipping Apple's lowest-end M-series chip as early as mid-2027. Kuo said Apple plans to utilize Intel's 18A process, which is the "earliest...
Read Full Article129 comments
iphone black friday gold

The Best Black Friday iPhone Deals Still Available

Friday November 28, 2025 6:24 am PST by
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Black Friday 2025 sales have kicked off at AT&T, Verizon, T-Mobile, and more. Right now we're tracking notable offers on the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air. For even more savings, keep an eye on older models during the holiday shopping season. Note: MacRumors is...
Read Full Article3 comments
apple store down feature

Here's Why the Apple Store is Going Down

Thursday November 27, 2025 1:01 pm PST by
Apple's online store is going down for a few hours on a rolling country-by-country basis right now, but do not get your hopes up for new products. Apple takes its online store down for a few hours ahead of Black Friday every year to tease/prepare for its annual gift card offer with the purchase of select products. The store already went down and came back online in Australia and New Zealand, ...
Read Full Article18 comments
streaming black friday 2025

Best Black Friday Streaming Deals - Save Big on Apple TV, Disney+, Hulu, and More

Thursday November 27, 2025 1:14 pm PST by
We've been focusing on deals on physical products over the past few weeks, but Black Friday is also a great time of year to purchase a streaming membership. Some of the biggest services have great discounts for new and select returning members this week, including Apple TV, Disney+, Hulu, Paramount+, Peacock, and more. Note: MacRumors is an affiliate partner with some of these vendors. When...
Read Full Article22 comments
Cyber Monday Deals 2025

Best Cyber Monday Apple Deals Include Big Discounts on AirPods, Apple Watch, and More

Sunday November 30, 2025 7:33 am PST by
Cyber Monday is here, and you can find popular Apple products like AirPods, iPad, Apple Watch, and more at all-time low prices. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running....
Read Full Article3 comments
iphone air camera

iPhone Air Flop Sparks Industry Retreat From Ultra-Thin Phones

Thursday November 27, 2025 3:14 am PST by
Apple's disappointing iPhone Air sales are causing major Chinese mobile vendors to scrap or freeze their own ultra-thin phone projects, according to reports coming out of Asia. Since the ‌iPhone Air‌ launched in September, there have been reports of poor sales and manufacturing cuts, while Apple's supply chain has scaled back shipments and production. Apple supplier Foxconn has...
Read Full Article247 comments
maxresdefault

The MacRumors Show: Apple's Big Plans for iPad Mini 8

Friday November 28, 2025 8:39 am PST by
On this week's episode of The MacRumors Show, we talk through the latest rumors about Apple's upcoming iPad mini 8. Subscribe to The MacRumors Show YouTube channel for more videos The next-generation version of the iPad mini is expected to feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple...
Read Full Article28 comments

Top Rated Comments

casperes1996 Avatar
casperes1996
63 months ago
Good to see more software natively supported
Score: 73 Votes (Like | Disagree)
ck2875 Avatar
ck2875
63 months ago

malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.
They probably needed to get their malware out the door so they could get the $500 voucher for returning the Dev. Kit. to Apple.
Score: 32 Votes (Like | Disagree)
jasoncarle Avatar
jasoncarle
63 months ago
Wouldn't just not adding rando browser extensions to Safari protect you from this?
Score: 25 Votes (Like | Disagree)
Dark_Omen Avatar
Dark_Omen
63 months ago
I wish I was a loser that had no life to the point where I create malware to infect other people's machines.

Oh wait, no I don't.
Score: 12 Votes (Like | Disagree)
baryon Avatar
baryon
63 months ago
But Safari extensions were long deprecated ever since Catalina, and now you can only install them from the App Store, for this very reason, to prevent malware. How is this even still possible?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
farewelwilliams
63 months ago
Dunno, I thought Chrome was the first malware for eating all the CPU cycles and memory.
Score: 7 Votes (Like | Disagree)
Read All Comments