First Malware Running Natively on M1 Chip Discovered

by

Malware specifically tailored to run on Apple's M1 chip has been discovered, indicating that malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.

macbook air m1 unboxing feature
Mac security researcher Patrick Wardle has now published a report, cited by Wired, that explains in detail how malware has started to be adapted and recompiled to run natively on the ‌M1‌ chip.

Wardle discovered the first known native ‌M1‌ malware in the form of a Safari adware extension, originally written to run on Intel x86 chips. The malicious extension, called "GoSearch22," is a well-known member of the "Pirrit" Mac adware family and was first spotted at the end of December. Pirrit is one of the oldest and most active Mac adware families, and has been known to constantly change in an attempt to evade detection, so it is unsurprising that it has already begun adapting for the ‌M1‌.

The GoSearch22 adware presents itself as a legitimate Safari browser extension, but collects user data and serves a large number of ads such as banners and popups, including some that link to malicious websites to proliferate more malware. Wardle says the adware was signed with an Apple Developer ID in November to further conceal its malicious content, but it has since been revoked.

Wardle notes that since malware for the ‌M1‌ is still at an early stage, antivirus scanners are not detecting it as easily as x86 versions and defensive tools like antivirus engines are struggling to process the amended files. The signatures used to detect threats from malware on the ‌M1‌ chip have not yet been substantially observed, so the security tools to detect and deal with it are not yet available.

Researchers from security company Red Canary told Wired that other types of native ‌M1‌ malware, distinct from Wardle's findings, have also been found and are being investigated.

Only the MacBook Pro, MacBook Air, and Mac mini have Apple silicon chips at this time, but the technology is expected to expand across the Mac lineup over the next two years. Given that all new Mac computers are expected to feature Apple silicon chips like the ‌M1‌ in the near future, it was somewhat inevitable that malware developers would eventually start to target Apple's new machines.

While the M1-native malware that researchers have found does not seem to be unusual or particularly dangerous, the emergence of these new varieties acts as a warning that there is likely more to come.

See Wardle's full report for more information about the first M1-native malware.

Tags: Apple Silicon Guide, M1 Guide

Popular Stories

iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17: What's New With the Cameras

Friday May 2, 2025 3:52 pm PDT by
We've still got months to go before the new iPhone 17 models come out, but a combination of dummy models and leaks have given us some insight into what we can expect in terms of camera changes. Apple is adding new camera features, and changing the design of the camera bump for some models. You might be skeptical of dummy models, but over the years, they've proven to be a highly accurate...
Read Full Article76 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Tuesday April 29, 2025 1:30 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article102 comments
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article143 comments
iPhone 17 Air Size Feature

iPhone 17 Air Expected to Have Battery Case Due to 'Worse' Battery Life

Saturday May 3, 2025 8:24 am PDT by
Apple's rumored iPhone 17 Air model will have "worse" battery life compared to previous iPhone models, according to a paywalled The Information report. In internal testing, Apple determined that the percentage of users who will be able to use the iPhone 17 Air for a full day without needing to recharge the device throughout the day will be between 60% and 70%, according to the report. For...
Read Full Article97 comments
iphone 16 pro ghost hand

iPhone 18 Rumors: What to Expect From Apple Next Year

Friday May 2, 2025 3:01 am PDT by
Apple's is continually working with suppliers on successive iPhone models simultaneously, which is why we often get rumored features so far ahead of launch. The iPhone 18 series is no different, and we already have a picture forming of what to expect from Apple's 2026 smartphone lineup. If you're skipping this year's upcoming iPhone 17 series, or just plain curious about Apple's plans...
Read Full Article49 comments
General Spotify Feature

Spotify Submits iOS App Update With Out-of-App Purchase Options

Thursday May 1, 2025 3:37 pm PDT by
Spotify today submitted an app update to Apple that will include information on Spotify plan costs and options to subscribe through weblinks without using the in-app purchase system. Spotify will not need to pay a fee to Apple when customers subscribe to the service using alternate payment methods in the Spotify app. In a blog post announcing the changes, Spotify said that yesterday's ruling ...
Read Full Article288 comments
iOS App Store General Feature JoeBlue

Epic Games Wins Major Victory as Apple is Ordered to Comply With App Store Anti-Steering Injunction [Updated]

Wednesday April 30, 2025 4:01 pm PDT by
In a victory for Epic Games, Apple was today found to be in violation of a 2021 injunction that required it to allow developers to direct customers to third-party purchase options on the web using in-app links. Judge Yvonne Gonzalez Rogers, who has been handling the Apple vs. Epic Games dispute for the last five years, said that Apple is in "willful violation" of the injunction she issued to ...
Read Full Article254 comments
iOS 19

Apple Already Testing iOS 19.4 After Delaying Personalized Siri Features

Thursday May 1, 2025 9:03 am PDT by
A subset of Apple's software engineers started internal development of iOS 19.4 last month, according to the MacRumors visitor logs. iOS 19.4 is expected to be released in March or April next year, so the software update is still nearly a year away. However, Apple develops both "Fall" and "Spring" versions of iOS each year, with our website's analytics logs indicating that both iOS 19.0 and...
Read Full Article50 comments

Top Rated Comments

casperes1996 Avatar
casperes1996
55 months ago
Good to see more software natively supported
Score: 73 Votes (Like | Disagree)
ck2875 Avatar
ck2875
55 months ago

malware authors have begun adapting malicious software for Apple's new generation of Macs with Apple silicon.
They probably needed to get their malware out the door so they could get the $500 voucher for returning the Dev. Kit. to Apple.
Score: 32 Votes (Like | Disagree)
jasoncarle Avatar
jasoncarle
55 months ago
Wouldn't just not adding rando browser extensions to Safari protect you from this?
Score: 25 Votes (Like | Disagree)
Dark_Omen Avatar
Dark_Omen
55 months ago
I wish I was a loser that had no life to the point where I create malware to infect other people's machines.

Oh wait, no I don't.
Score: 12 Votes (Like | Disagree)
baryon Avatar
baryon
55 months ago
But Safari extensions were long deprecated ever since Catalina, and now you can only install them from the App Store, for this very reason, to prevent malware. How is this even still possible?
Score: 11 Votes (Like | Disagree)
farewelwilliams Avatar
farewelwilliams
55 months ago
Dunno, I thought Chrome was the first malware for eating all the CPU cycles and memory.
Score: 7 Votes (Like | Disagree)
Read All Comments