Apple M1-native malware is already appearing in the wild

Apple’s machines are becoming more targeted as macOS market share grows.

Thanks to the relatively small size of Apple’s share of the PC market, Apple users in the past did not have to worry much about malware. Indeed, ten years ago, macOS’s share of the operating system market was only 6.5 percent. This meant that few malware authors bothered to target it at all.

Apple’s share has been growing, however, and IDC reported a surge of growth in macOS machines for 2020. In the desktop segment, Macs now comprise almost 20 percent of the market. That increase in popularity has attracted the attention of malware malefactors. And although the macOS malware threat is still small compared to what is targeting Windows, it is real, and it is growing.

Aiming at the ARM-based M1 processors

Hackers have debuted malware tailored to run on Apple’s new ARM-based M1 processors, released for the MacBook Pro, MacBook Air, and Mac Mini in November. Earlier this week, Mac security researcher Patrick Wardle published his findings on the M1-targeted malware in a blog post entitled “Arm’d & Dangerous.” In it, he detailed “malicious code, now native on apple silicon”.

Wardle discussed his findings in an interview with Wired magazine. “This shows that malware authors are evolving and adapting to keep up with Apple’s latest hardware and software,” said Wardle. “As far as I know, this is the first time we’ve seen this.”

It was only a matter of time

Apple’s ARM chips are the future of Mac processors. Apple is moving away from Intel and towards using its own silicon. This will give the company substantial advantages in not just performance but also price. It was therefore inevitable that malware malefactors would eventually start writing code specifically for these chips.

The adware sample Wardle found uses a standard tactic: it poses as a legitimate Safari browser extension, then collects user data and serves illicit ads such as banners and popups, including ones that link to other malicious sites.