Apple M1 ARM CPUs get malware targeting macOS: Mac-targeted Pirrit adware family adds new strains

Apple M1 Malware
Apple M1 macOS malware on the rise. Pic credit: Vishnu Vijayan/Pixabay

Apple macOS MacBook PCs and laptops with the new M1 System on a Chip (SoC) are vulnerable to new strains of the Pirrit malware family. Malware creators have modified GoSearch22, a Safari browser extension, to run natively on the new ARM-based CPUs.

Security researcher Patrick Wardle has discovered an Apple M1-native version of malware that belongs to the long-running Mac-targeted Pirrit adware family. The Apple M1 SoC is the first commercial Apple processor that is based on the ARM instruction set instead of the traditional x86.

Apple macOS has started attracting the attention of virus creators:

Apple macOS has always been a safer and secure alternative to Windows operating system. The company has several design and deployment policies that make the macOS very secure.

However, one of the main reasons that the Windows 10 operating system is at far greater risk of attracting malware is its huge adoption and usage. Apple macOS, in comparison, runs on far fewer computers. However, this is rapidly changing.

About a decade ago, macOS had just a 6.5 percent market share. Today, the tightly controlled operating system exclusively for Apple-made MacBook and Macintosh line of computers and laptops enjoy much greater market share.

According to a number of reports, Apple macOS is quickly approaching a 20 percent market share. While this is certainly way less than Windows 10, it is enough to attract the attention of malware and virus creators.

Digital threats directed towards macOS are rising. Interestingly, the new Apple M1 SoC, based on the ARM CPUs, has attracted malware far quicker than any previous variants.

Apple M1 SoC gets native malware strains quicker than any previous variants:

The Apple M1 Silicon marks a significant milestone not just for Apple but also for desktop-grade computing in general. Traditionally, Intel and AMD dominated the desktop and laptop computing space. However, Apple has now developed and introduced a new CPU that packs ARM CPUs.

ARM CPUs have a very different Instruction Set Architecture (ISA) than traditional x86 desktop and laptop CPUs. This directly means software designed for one ISA is not compatible with the other ISA.

Apple M1 is a clear exception to the rule because the company has painstakingly developed a translation layer called Rosetta. Incidentally, most existing macOS malware will run on an M1-equipped Mac through the Rosetta ISA.

However, the new malware targets M1 SoC natively. This means there’s no need for the intermittent translation layer.

Needless to add, there are quite a few benefits to targeting the new hardware directly. As there are fewer processing cycles, the malware draws less computing power and can work silently without noticeably bogging down the system.

The new Apple M1 malware strain isn’t that different from the Mac-targeted Pirrit adware family. According to a few reports from users who suffered an infection, the adware changes the default search engine, the malware tracks web browser usage, and it inserts any normal websites with its own ads.

Infected users have observed coupons, banners, pop-up ads, surveys, and other types of ads that promote shady websites and downloads. The malware can also collect data such as IP addresses, search queries, etc.

It is concerning to see the rapid pace of transition from Intel to Apple Silicon of malware creators. The Apple M1 macOS running Macs and MacBook computers are barely a few months old. Simply put, these new strains could just be the beginning.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x