It seems that even the M1 chip is susceptible to malware

Macbook Air M1
Macbook Air M1 (Image credit: Daniel Bader / iMore)

What you need to know

  • There's malware out there that is adapting to run natively on the M1 chip.
  • The malware in question is "GoSearch22," which disguises itself as a Safari browser extension.
  • Never click on suspicious things.

Apple released its own M1 silicon a few months ago and has touted it to be the latest and greatest for the future of the Mac, but it's still susceptible to malware, apparently. That's right — malware that has been specifically tailored to run on M1 Macs has been discovered. This means that malware authors are adapting to Apple's latest technology.

A report by Mac security researcher Patrick Wardle, via Wired, explains all of the details about how this malware has been adapted and recompiled to natively run on the M1 chip. This malware was first discovered in the form of a Safari adware extension that was originally created for Intel x86 chips. "GoSearch22" is the extension in question, and it's apparently a well-known member of the "Pirrit" Mac adware family, first spotted towards the end of December 2020. Considered to be one of the oldest and most active Mac adware families, Pirrit is known to constantly change and evolve in order to evade detection. With this information at hand, it's not surprising that it has adapted to the M1 chip.

With GoSearch22, it will present itself as a legitimate Safari extension, looking innocent on the surface. But as it runs in the background, it will collect user data and deliver a large number of ads and popups, with some linking back to malicious websites to proliferate even more malware. According to Wardle's report, the adware has been signed with an Apple Developer ID last November to avoid detection — this verification has since been revoked.

This new M1 malware is still in the early stages, so it is hard to detect it with antivirus scanners when compared to the x86 versions. Any signatures that are usually used to detect security threats in malware on the M1 has not fully been observed yet, making resources scarce at this time.

The security company, Red Canary, had researchers tell Wired that there are also other types of native M1 malware, different from Wardle's results, have also been found and are currently being investigated.

As of right now, the M1 chip is only found in the MacBook Air, 13-inch MacBook Pro, and the Mac mini. It's expected to expand into the rest of the Mac lineup later this year. As Apple's technology for the Mac continues to evolve, we should also expect malware and other security threats to adapt and target them.

A good first step towards preventing malware and viruses on your Mac is to never click links or attachments that look suspicious.

Christine Romero-Chan was formerly a Senior Editor for iMore. She has been writing about technology, specifically Apple, for over a decade at a variety of websites. She is currently part of the Digital Trends team, and has been using Apple’s smartphone since the original iPhone back in 2007. While her main speciality is the iPhone, she also covers Apple Watch, iPad, and Mac when needed.

When she isn’t writing about Apple, Christine can often be found at Disneyland in Anaheim, California, as she is a passholder and obsessed with all things Disney, especially Star Wars. Christine also enjoys coffee, food, photography, mechanical keyboards, and spending as much time with her new daughter as possible.

2 Comments
  • Hi, in my mind, there 's a big difference between having malware able to run on multiple chip architectures (Intel, ARM, M1, etc.) and having a chip susceptible to malware. The latter means that malware would be able to take advantage of security vulnerabilities present in the chip architecture, like SPECTRE and METLDOWN did (https://meltdownattack.com). What's happening here is more the former, which is just the fact that "bad guys" have started recompiling their malware code to run on the M1 chip. What's funny is that I expected it to happen much sooner than that. In my opinion, your headline is incorrect and thus misleading. But hey, if you want more clicks at the expense of technical accuracy, be my guest.
  • You are being a bit harsh there. I don't think there is anything wrong with the title. It is not misleading. If anything, it is saying nothing. "the M1 chip is susceptible to malware" means no less, no more than "it looks like the M1 chip is capable of running code responsible for more than animating the brown pile of carp emoji".