Apple Silicon Security Already Compromised By Alarming And Active M1 Malware

Apple M1 Processor
Apple is embarking on a two-year plan to transition away from using Intel processors across its laptop and desktop families, in favor of its own Arm-based silicon. The venture begins with the M1, an impressive piece of hardware that is generally garnering favorable reviews (including our own Mac mini 2020 review with an M1 chip inside). However, it's not all peaches and cream—a security researcher has discovered the first bit of malware in the wild that is native to the M1 chip.

Patrick Wardle, a former researcher for the US National Security Agency (NSA) and currently an independent macOS security researcher, came upon a malicious Safari browser extension called GoSearch22. It was originally coded for Intel x86 hardware, but there is a new version developed for the M1, and apparently it is part of the "insidious 'Pirrit' adware" family, Wardle says.

"So we’ve succeeded in finding a macOS program containing native M1 (arm64) code… that is detected as malicious! This confirms malware/adware authors are indeed working to ensure their malicious creations are natively compatible with Apple’s latest hardware," Wardle explains in a blog post.

Therein lies the bigger concern—not that a single malicious extension targeting M1 hardware has been found, but that malicious actors are turning their attention to the new chip and accompanying systems. Equally concerning, at least in the early going, is that analysis tools and antivirus engines may "struggle" to detect malicious Arm64 binaries.

In this particular case, Wardle found that when uploading both the Intel x86 and Arm64 variant of this malicious extension to VirusTotal, a site that analyzes files with more than three dozen anti-malware engines, the detection rate of the latter dropped 15 percent compared to the former.

Mac Attacks Targeting Businesses Users Are On The Rise

Apple MacBook Pro
Wardle's findings play into a larger trend. In a recent Malwarebytes report, the security outfit noted a concerning rise in attacks targeting Mac systems where it can potentially hurt the most—within the business environment. While consumer attacks were actually down, Mac attacks targeting business users jumped 31 percent in 2020, with adware on Macs representing 22 percent of threat detections.

Malwarebytes was surprised by this finding, in part because the "COVID-19 pandemic influenced the cybercrime world so much that many anticipated campaigns either never arrived, arrived with less impact, or were replaced entirely with attacks more suited against users during a pandemic."

Meanwhile, attacks targeting business uses on Windows declined 24 percent last year. That is not to say Windows is a safer platform, but it is an interesting trend all the same. It is also worth noting that Mac detections hit an all-time high in 2019, which makes it even more concerning that malicious activity targeting business users increased further last year.