Last year, Apple released MacBooks and Mac Minis powered by a new ARM CPU—the Apple M1. A few months later, malware authors are already targeting the new hardware directly. Wired interviewed Mac security researcher Patrick Wardle, who discovered an M1-native version of the long-running, Mac-targeted Pirrit adware family.
Apple M1, malware, and you
ARM CPUs have a very different Instruction Set Architecture (ISA) than traditional x86 desktop and laptop CPUs do, which means that software designed for one ISA can’t run on the other without help. M1 Macs can run x86 software with a translation layer called Rosetta, but native M1 apps of course run much faster—as we can see by comparing Rosetta-translated Google Chrome to the M1 native version.
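The ISA split described above is recorded in a binary's Mach-O header, so a defender triaging a sample can tell whether it contains native arm64 code or would only run on an M1 through Rosetta. This is an added example, not code from the article; the function names and sample bytes are constructed here, and the numeric constants are the ones defined in Apple's Mach-O headers.

```python
import struct

# Constants from Apple's <mach-o/loader.h>, <mach-o/fat.h> and <mach/machine.h>.
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}

def cpu_name(cputype):
    return CPU_NAMES.get(cputype, f"unknown(0x{cputype:08x})")

def macho_architectures(data):
    """Return the CPU architectures in a Mach-O image, or [] if it is not Mach-O."""
    if len(data) < 8:
        return []
    magic_be, nfat = struct.unpack_from(">II", data, 0)
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        # Universal binary: big-endian header, then one record per slice.
        # Java class files share 0xCAFEBABE; there this field holds the
        # class-file version (45 or more), so a large count is not Mach-O.
        if nfat == 0 or nfat > 30:
            return []
        entry = 20 if magic_be == FAT_MAGIC else 32  # fat_arch / fat_arch_64
        if len(data) < 8 + nfat * entry:
            return []  # truncated slice table
        return [cpu_name(struct.unpack_from(">I", data, 8 + i * entry)[0])
                for i in range(nfat)]
    for endian in ("<", ">"):
        # Thin binary: the header is stored in the target CPU's byte order.
        magic, cputype = struct.unpack_from(endian + "II", data, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return [cpu_name(cputype)]
    return []

def triage(data):
    """Classify an image by how it would execute on an M1 Mac."""
    archs = macho_architectures(data)
    if "arm64" in archs:
        return "native on M1"
    if "x86_64" in archs:
        return "needs Rosetta on M1"
    return "no arm64 or x86_64 Mach-O code"

# Constructed sample headers (not taken from any real sample).
THIN_ARM64 = struct.pack("<II", MH_MAGIC_64, 0x0100000C) + bytes(24)
FAT_BOTH = (struct.pack(">II", FAT_MAGIC, 2)
            + struct.pack(">5I", 0x01000007, 3, 16384, 1000, 14)
            + struct.pack(">5I", 0x0100000C, 0, 32768, 1000, 14))
JAVA_CLASS = bytes.fromhex("cafebabe00000034") + bytes(40)

if __name__ == "__main__":
    for name, blob in [("thin", THIN_ARM64), ("fat", FAT_BOTH), ("java", JAVA_CLASS)]:
        print(name, macho_architectures(blob), "->", triage(blob))
```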
When it comes to malware, Apple users have long benefited from the minority status of their platform. Ten years ago, macOS’s operating system market share was only 6.5 percent, and few malware authors bothered to target it at all—but today, that market share is approaching 20 percent. That increase in popularity has brought malware vendors along with it; the macOS malware ecosystem is still tiny and relatively crude compared to the one plaguing Windows, but it’s very real.