Attackers Already Targeting Apple's M1 Chip with Custom Malware

Attackers Already Targeting Apple's M1 Chip with Custom Malware
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.

The latest processor for Apple's Macs — the M1 chip — has already become a target for malware authors, who have created Mac-specific binaries targeting the ARM64 architecture used by the processors, researchers said this week.

For example, one MacOS malware downloader, dubbed Silver Sparrow, has a number of interesting properties, including the use of the MacOS installer's JavaScript API to create persistence, and communication with a command-and-control (C2) infrastructure built on Amazon Web Services (AWS) servers and Akamai's content distribution network (CDN), security firm Red Canary stated in an analysis of the new malware. In addition, the malware also natively runs on the latest Macs running the M1 ARM64 architecture.

While creating a native binary for the ARM64 architecture is an interesting step on the part of attackers, the development merely allows the malware to run a bit faster and may avoid some x86-focused security measures, says Tony Lambert, intelligence analyst at Red Canary.

"This threat didn't take advantage of any particular feature unique to M1 itself," he says, but adds that "the malware has a greater chance of success on M1 systems due to the [relative lack of] availability of security tools for the new architecture."

Attackers have traditionally focused on Mac systems as an afterthought, since Windows-based computers have historically dominated business applications. However, that has changed over the past decade, with nation-state attackers and more sophisticated hackers focusing on Mac systems, and cybercriminals attempting to focus on legal gray areas, such as adware. In 2020, for example, almost all malware encountered by Mac users attackers already targeting apple custom malware