Why You Shouldn't Worry About M1 Mac Malware

It's more about the OS than the silicon

Key Takeaways

  • M1-optimized malware for Apple's latest Macs has been found 'in the wild.'
  • These Apple Silicon-optimized packages are no worse than Intel-based malware.
  • The least secure part of your computer is you, the user.

Malware is already targeting the new M1 Mac processor, with at least two samples found "in the wild." But it’s unlikely to be any worse than the malware already contaminating Intel Macs.

Apple's M1 Macs should, in theory, be more secure than the machines they replace. They use Apple's own Apple Silicon chips, which have successfully repelled iOS malware for years. But a lot of the iPhone and iPad's resilience is down to the operating system. iOS was conceived in a hellscape of malicious attacks, whereas the Mac was designed in a time when viruses and phishing didn't exist. Will the M1 chip make any difference? Probably not.

"I’ll give you the straight, honest, and not very exciting answer," Dr. Richard Ford, chief technology officer of security company Cyren, told Lifewire via email, "there’s no reason to be especially worried about M1 Mac Malware—at least, not over and above the malware that exists today for Intel-based Macs."

The Story So Far

Two instances of M1-optimized malware have been studied so far, but neither of them is anything special. They’re just versions of existing malware, recompiled to run natively on Apple Silicon hardware.

One was discovered by Patrick Wardle, security writer and founder of security site Objective-See, while rebuilding his own software to run natively on M1 Macs. Wardle realized that malware authors might be doing the same, and set out to search for Apple Silicon-optimized malware. He found a version of a well-known piece of adware named Pirrit. In this case, it installs itself as a Safari extension.

The other recently discovered M1-native malware is called Silver Sparrow. Security researchers at Red Canary discovered this package, and it had spread to almost 30,000 Macs by mid-February. Like most Mac malware, this instance has to be explicitly installed by the user. Usually users are tricked into this, either by phishing emails or by malware dressed up as an update.

So far, these two Apple Silicon-optimized pieces of malware don't show any special features. Wardle's discovery was just an existing malware package, recompiled for the M1, and Silver Sparrow doesn't actually do anything other than install itself. It’s probably just a test or proof-of-concept.

Also, existing Mac malware can run just fine under Rosetta 2, Apple's translation layer, which allows apps written for Intel Macs to run seamlessly on Apple Silicon Macs. Malware is just software, after all, so the only difference so far might be that this native malware runs faster and more efficiently on Apple Silicon.

What About iOS?

Now that the Mac shares a chip architecture with the iPhone and iPad, is it possible that malware can cross-propagate between the two? 

"Given how the M1 resembles the chips in an iOS device and how the operating systems seem to be increasingly similar, it seems logical to ask if malware for the Mac represents a potential vulnerability for iOS," security writer Charles Edge told Lifewire via email, "but that seems unlikely, given how much more locked down, or sandboxed, the iOS platform is. Instead, we continue to see the Mac embracing more of the security model of iOS."

This brings us to the main defense against such attacks: the operating system itself. On iOS, every app runs inside a "sandbox." That is, it can never interact with, or even be aware of, other apps or parts of the operating system. This keeps everything compartmentalized and safe.

In recent years, Apple has tried to take the Mac in the same direction, but it's hard. And because apps can be installed from anywhere, not just the App Store, it's always possible the user can be tricked into installing malware on their device. And perhaps our conception of malware as "computer viruses" is out of date anyway.

"While we tend to think of the ‘fancy’ malware that makes the headlines," says Cyren's Ford, "a lot of day-to-day attacks don’t even involve much code. Instead, bad guys target users through phishing attacks using files. These files contain minimal code—just enough to get the user to the phishing site itself."

In the end, the most vulnerable part of your computer is you. Apple and Microsoft can build in all the security they want, but if users click the wrong link, or install malware themselves, then all bets are off.
