First Malware Running Natively on M1 Chip Discovered

Malware specifically tailored to run on Apple's M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.

macbook air m1 unboxing feature
Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware has started to be adapted and recompiled to run natively on the ‌M1‌ chip.

Wardle discovered the first known native ‌M1‌ malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the ‌M1‌.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but collects user data and serves a large number of ads such as banners and popups, including some that link to malicious websites to proliferate more malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.

Wardle notes that since malware for the ‌M1‌ is still at an early stage, antivirus scanners are not detecting it as easily as x86 versions and defensive tools like antivirus engines are struggling to process the amended files. The signatures used to detect threats from malware on the ‌M1‌ chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available.

Researchers from security company Red Canary told Wired that other types of native ‌M1‌ malware, distinct from Wardle's findings, have also been found and are being investigated.

Only the MacBook Pro, MacBook Air, and Mac mini have Apple silicon chips at this time, but the technology is expected to expand across the Mac lineup over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips like the ‌M1‌ in the near future, it was somewhat inevitable that malware developers would eventually start to target Apple's new machines.

While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.

See Wardle's full report for more information about the first M1-native malware.

Popular Stories

Generic iOS 18 Feature Real Mock

iOS 18 Coming Later This Month With These 8 New Features

Tuesday September 3, 2024 12:07 pm PDT by
iOS 18 has been in beta testing for nearly three months, and the software update will finally be released for all compatible iPhones soon. Apple should reveal iOS 18's exact release date during its September 9 event, with the most likely possibility being Monday, September 16. Below, we have highlighted eight key new features included in iOS 18. Note that Apple Intelligence is not coming...
iPhone 16 Pro Mock Article

iPhone 16 Launch Month Is Here: Everything We Know

Sunday September 1, 2024 4:30 am PDT by
Apple has announced that on Monday, September 9 it will hold its annual fall event, which means we are just days away from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. ...
iPhone 16 Side New Action Button Emphasis Bump

iPhone 16 Apple Silicone Cases Have No Cutout for New Capture Button

Wednesday September 4, 2024 3:19 am PDT by
Apple is introducing a new camera-based "Capture" button on at least some iPhone 16 models this year, and a new rumor claims that Apple's own silicone cases will have a design that is specially made so as not to impede the use of the capacitive button's multiple functions. Several rumors have suggested that the iPhone 16 models are going to have an all-new button that's designed to make it...
iOS 18 CarPlay Feature

iOS 18 Adds These 6 New Features to CarPlay

Tuesday September 3, 2024 12:59 pm PDT by
Apple did not mention CarPlay when it unveiled iOS 18 in June, but the update includes a handful of new features for the in-car iPhone system. iOS 18 includes some changes to the Messages app, Settings app, and Siri on CarPlay. The update should be widely released later in September. Below, we recap CarPlay's key new features on iOS 18. 1. Contact Photos in Messages App iOS 18 adds...
sonny iphone 16 pro colors

New iPhone 16 and iPhone 16 Pro Colors Revealed Ahead of Apple Event

Friday September 6, 2024 5:01 am PDT by
Apple is "shaking up its color palette" for its iPhone 16 lineup this year, according to well-connected Bloomberg reporter Mark Gurman. Early iPhone 16 Pro dummy models via Sonny Dickson According to Gurman, the iPhone 16 Pro models will come in a Gold Titanium to replace Blue Titanium, while the Black, White, and Natural Titanium options that debuted with the iPhone 15 Pro will remain...
iPhone SE 4 Thumb 1

iPhone SE 4 to Complete Apple's Switch to OLED Across iPhone Lineup

Tuesday September 3, 2024 3:31 am PDT by
Apple is expected to launch a fourth-generation iPhone SE early next year with an OLED display for the first time, marking the completion of Apple's adoption of OLED technology across all iPhone models. According to Nikkei Asia, the move away from LCD displays will exclude two longstanding Japanese panel makers, Japan Display (JDI) and Sharp, from Apple's iPhone supply chain. In 2017,...
Apple Logo Spotlight

Apple Likely to Launch M4 Macs in November

Sunday September 1, 2024 1:43 am PDT by
Apple will likely announce new Mac models with M4-series chips in November, confidential information obtained by MacRumors claims. According to a reliable source familiar with the matter, Apple will release new Mac models in November 2024. While new Macs are usually released toward the end of the year, this is the first time a launch month has been singled out for the upcoming M4 Macs....

Top Rated Comments

casperes1996 Avatar
46 months ago
Good to see more software natively supported
Score: 73 Votes (Like | Disagree)
ck2875 Avatar
46 months ago

malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.
They probably needed to get their malware out the door so they could get the $500 voucher for returning the Dev. Kit. to Apple.
Score: 32 Votes (Like | Disagree)
jasoncarle Avatar
46 months ago
Wouldn't just not adding rando browser extensions to Safari protect you from this?
Score: 25 Votes (Like | Disagree)
Dark_Omen Avatar
46 months ago
I wish I was a loser that had no life to the point where I create malware to infect other people's machines.

Oh wait, no I don't.
Score: 12 Votes (Like | Disagree)
baryon Avatar
46 months ago
But Safari extensions were long deprecated ever since Catalina, and now you can only install them from the App Store, for this very reason, to prevent malware. How is this even still possible?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
46 months ago
Dunno, I thought Chrome was the first malware for eating all the CPU cycles and memory.
Score: 7 Votes (Like | Disagree)