The M1 Malware GoSearch22

For several years, Apple users have gained from a reasonably stable and safe operating system when it comes to malware, compared to that of Windows. In the past, few malware creators used to bother to attack macOS operating system, mostly due to the low market share that it used to take. Nowadays, however, with the increase in popularity of Mac devices, more and more malware developers are turning their eyes to MacOS as a lucrative target.

Proof of that is the recent discovery of malware that malicious authors have specifically adapted to run in Apple’s latest generation of Macs with Apple silicon. The malicious piece of software, identified as GoSearch22, is the first known malware that has been built to operate on the Apple M1 chip natively.

GoSearch22 on Safari

Discovered at the end of December, GoSearch22 is a Safari adware extension that belongs to the infamous “Pirrit” Mac adware family. What is known about Pirrit is that this is one of the oldest and most active adware families for Mac devices and is known to constantly adjust to prevent being detected. That’s why it’s no surprise that it’s already started adjusting to M1 chips.

The GoSearch22 adware introduces itself as a regular Safari browser extension. Once installed, however, it collects user data and offers a wide range of advertisements, such as banners, pop-ups, and links to random sites. Analysis of the threat reveals that GoSearch22 has attempted to mask itself by been signed with an Apple Developer ID earlier in November.

Malware for M1 is still a new thing, thus, security professionals are warning the users of devices with this chip that antivirus scanners are not that quick to find it, thus protection tools for identification and removal of such threats are not yet very reliable.

Researches have shown that other forms of native M1 malware have also been detected. Currently, only the MacBook Pro, MacBook Air, and Mac mini are fitted with Apple silicon chips, however, the technology is likely to be adopted in all new Mac computers. With this in mind, it is natural for malware developers to start targeting new Apple devices. The discovery of malware variants like GoSearch22 only indicates that more threats are about to come.

For further detail on the first M1 native malware, please check the complete article from Mac security researcher Patrick Wardle who has published a detailed report on the discovery.

How to get rid of GoSearch22 on Mac?

Obviously, if you are amongst the affected users you should get rid of the fast-spreading threat that is GoSearch22. To get rid of GoSearch22 you can look up GoSearch22 removal instructions on a website called