First Malware Running Natively on M1 Chip Discovered

by

Malware specifically tailored to run on Apple's M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.

macbook air m1 unboxing feature
Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware has started to be adapted and recompiled to run natively on the ‌M1‌ chip.

Wardle discovered the first known native ‌M1‌ malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the ‌M1‌.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but collects user data and serves a large number of ads such as banners and popups, including some that link to malicious websites to proliferate more malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.

Wardle notes that since malware for the ‌M1‌ is still at an early stage, antivirus scanners are not detecting it as easily as x86 versions and defensive tools like antivirus engines are struggling to process the amended files. The signatures used to detect threats from malware on the ‌M1‌ chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available.

Researchers from security company Red Canary told Wired that other types of native ‌M1‌ malware, distinct from Wardle's findings, have also been found and are being investigated.

Only the MacBook Pro, MacBook Air, and Mac mini have Apple silicon chips at this time, but the technology is expected to expand across the Mac lineup over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips like the ‌M1‌ in the near future, it was somewhat inevitable that malware developers would eventually start to target Apple's new machines.

While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.

See Wardle's full report for more information about the first M1-native malware.

Tags: Apple Silicon Guide, M1 Guide

Popular Stories

iOS 26 on Three iPhones

iOS 26's Liquid Glass Design Draws Criticism From Users

Wednesday September 17, 2025 2:56 pm PDT by
It's been two days since iOS 26 was released, and Apple's new Liquid Glass design is even more divisive than expected. Any major design change can create controversy as people get used to the new look, but the MacRumors forums, Reddit, Apple Support Communities, and social media sites seem to feature more criticism than praise as people discuss the update. Complaints There are a long...
Read Full Article605 comments
iOS 26

iOS 26.1 to iOS 26.4: Here Are 5 New Features to Expect on Your iPhone

Tuesday September 16, 2025 11:17 am PDT by
iOS 26 was finally released on Monday, but the software train never stops, and the first developer beta of iOS 26.1 will likely be released soon. iOS 18.1 was an anomaly, as the first developer beta of that version was released in late July last year, to allow for early testing of Apple Intelligence features. The first betas of iOS 15.1, iOS 16.1, and iOS 17.1 were all released in the second ...
Read Full Article37 comments
M6 MacBook Pro Feature 1

Apple's Rumored MacBook Pro Redesign: 6 New Features Anticipated

Wednesday September 17, 2025 4:26 am PDT by
Apple in October 2024 overhauled its 14-inch and 16-inch MacBook Pro models, adding M4, M4 Pro, and M4 Max chips, Thunderbolt 5 ports on higher-end models, display changes, and more. That's quite a lot of updates in one go, but if you think this means a further major refresh for the ‌MacBook Pro‌ is now several years away, think again. Bloomberg's Mark Gurman has said he expects only a small ...
Read Full Article69 comments
iPhone 17 Pro and Air Feature

Two iPhone 17 Pro and iPhone Air Colors Appear to Scratch More Easily

Friday September 19, 2025 10:02 am PDT by
As reported by Bloomberg today, some of the new iPhone 17 Pro and iPhone Air models on display at Apple Stores today are already scratched and scuffed. French blog Consomac also reported on this topic. The scratches appear to be most prominent on models with darker finishes, including the iPhone 17 Pro and Pro Max in Deep Blue, and the iPhone Air in Space Black. Images Credit: Consoma ...
Read Full Article241 comments
iOS 26 Glass Feature

iOS 26: The Top 100 New Features and Changes

Tuesday September 16, 2025 12:26 pm PDT by
Apple released iOS 26 on September 15, and it's now available for all iPhone users with a compatible device. There are a lot of changes and features to learn about, so if you want a quick, easy-to-read list that outlines what's new, we've got you covered. Design Liquid Glass design that reflects light and refracts what's underneath. It's system wide, with dynamic tab bars and toolbars...
Read Full Article38 comments
ios 26 liquid glass dark mode

iOS 26 Liquid Glass Design Makes App Icons Look Crooked, Report Users

Wednesday September 17, 2025 4:55 am PDT by
iOS 26's new Liquid Glass interface has been criticized for making some content illegible in certain circumstances, and now the UI design is reportedly causing another unusual visual problem for some users. Liquid Glass adds subtle glowing effects to the corners of app icons, creating a dynamic glass-like appearance with depth and parallax effects. However, as noted by Gizmodo, this design...
Read Full Article210 comments
iOS 26

iOS 26.0.1 Coming Soon, Likely With iPhone Air and iPhone 17 Pro Fix

Thursday September 18, 2025 9:17 am PDT by
Apple is preparing to release iOS 26.0.1, according to a private account on X with a proven track record of sharing information about future iOS versions. The update will have a build number of 23A350, or similar, the account said. It is likely that iOS 26.0.1 will fix a camera-related bug on the new iPhone Air and iPhone 17 Pro models. In his iPhone Air review, CNN Underscored's Henry T. ...
Read Full Article64 comments

Top Rated Comments

casperes1996 Avatar
casperes1996
60 months ago
Good to see more software natively supported
Score: 73 Votes (Like | Disagree)
ck2875 Avatar
ck2875
60 months ago

malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.
They probably needed to get their malware out the door so they could get the $500 voucher for returning the Dev. Kit. to Apple.
Score: 32 Votes (Like | Disagree)
jasoncarle Avatar
jasoncarle
60 months ago
Wouldn't just not adding rando browser extensions to Safari protect you from this?
Score: 25 Votes (Like | Disagree)
Dark_Omen Avatar
Dark_Omen
60 months ago
I wish I was a loser that had no life to the point where I create malware to infect other people's machines.

Oh wait, no I don't.
Score: 12 Votes (Like | Disagree)
baryon Avatar
baryon
60 months ago
But Safari extensions were long deprecated ever since Catalina, and now you can only install them from the App Store, for this very reason, to prevent malware. How is this even still possible?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
farewelwilliams
60 months ago
Dunno, I thought Chrome was the first malware for eating all the CPU cycles and memory.
Score: 7 Votes (Like | Disagree)
Read All Comments