Apple M1 chip next big malware target – Kaspersky

Apple M1 chip

Kaspersky has warned that the Apple M1 chip is the next big malware attack vector. Why? Cybercriminals like a new challenge instead of sitting back and waiting for their next Bitcoin to roll in.

The Apple M1 chip is an Apple-designed ARM 64-bit chip that replaces the Intel x86 chip previously used in Macs and MacBooks. Eventually, Apple will run entirely on its silicon with a merged iOS and macOS system. Until then, the Apple M1 chips must do two things. Run the new 64-bit software (like iOS does) and run a Rosetta 2 emulation to translate x86 program code into an Apple M1 chip digestible form.

Biting at the Apple M1 Chip cherry

Kaspersky says Rosetta doesn’t distinguish a legitimate program from a malicious one. It runs x86 malware as readily as any other app. But it is always faster and more convenient to run native code, and malware writers are busily recompiling for the Apple M1. Cybercriminals are now releasing malware that attacks both platforms – two bites of the cherry.

How big a problem is it?

Apple rightly states that macOS and iOS are safer than other platforms – but that is a play on words. macOS and iOS are still malware targets. All too often Apple users believe that they cannot catch malware, making them easier, complacent targets.

Kaspersky has seen four ‘families’ already adapted for the Apple M1 chip. The first, XCSSET, infects Xcode projects and allows attackers to do all kinds of nasty stuff on the victim’s Mac. The second, Silver Sparrow, recently made a media splash and is spreading far faster than the first. The third, and fourth, known M1-malware varieties are adware from the Pirrit and Bnodlero families. Hardcore techies can check out our technical breakdown of all four.

Kaspersky is not the only one warning of Apple M1 chip malware

Mac security researcher Patrick Wardle published findings about a Safari adware extension initially written to run on Intel x86 but redeveloped for Apple M1 chips. The malicious extension, GoSearch22, is a member of the notorious Pirrit Mac adware family. It poses as a legitimate Safari browser extension collecting user data and serving illicit ads like banners and popups, including those that link to other malicious sites. Malwarebytes Mac security researcher Thomas Reed agrees with Wardle’s assessment:

It’s important for security researchers to be aware that native M1 malware is not just coming, but already here. Compiling for M1 can be as easy as flicking a switch in the compiler. Many AV apps can detect the Intel-x86 version but fail to detect the ARM-M1 version, even though the code is logically identical.

How to guard against Apple M1 chip malware

Naturally, Kaspersky will recommend its new Security Cloud where all the detection and blocking is in the cloud instead of on-device. It allows macOS and iOS (and Android and Windows) to run small clients on their devices and the hard work done up in the cloud. It also meets with Apple’s approval.

Apple M1 chip

But there is no substitute for caution – DO NOT:

  • follow unknown links in emails or social media
  • download suspicious files or apps, especially if they come from social media mentions
  • install apps from untrusted sources – Apple Apps store only

You can read more eSafety announcements here.