How to find and remove the new macOS malware “Silver Sparrow”

What is Silver Sparrow? No, it’s not a Game of Thrones character (did that ship sail?) but rather a new piece of macOS malware that runs on both Intel Macs and Macs based on the M1 chip. That makes it the second piece of malware known to target the latter, but there is a silver lining: researchers found the malicious software before it had a chance to actually harm your system.

As Red Canary’s Tony Lambert writes:

“… the ultimate purpose of this malware is a mystery. We have no way of knowing for sure what payload would be distributed by the malware, whether a payload has already been delivered and removed, or whether the opponent has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts did not download the next or last payload.”

Click over to the Red Canary blog if you want to get into the deep technical details of Silver Sparrow. If you’re wondering whether you’ve been infected, you probably haven’t been, and you won’t be going forward: Apple suspended the developer certificates used to sign the package files that start the infection, which means Mac users who keep the Mac’s default security settings cannot install it. (I couldn’t find a copy of the malware, so I can’t tell whether your Mac will warn you against installing it or simply flag it as a malicious application and forbid you from doing so.)

However, if you’re worried that you may be infected, think about what you’ve been doing with your system lately. Were you asked by a website to download a software package and/or an update? Was it something you didn’t intend to download or install until a site suggested you should? Was the package file named something simple and dull, such as “update.pkg” or “updater.pkg”?

If so, a little suspicion is warranted. Although there is no real way to detect whether the malware is on your system based on observable behavior (it doesn’t do anything right now, and it’s not clear whether it ever will), you can look for the files the malware leaves on your system. Red Canary notes four files that suggest your system may be infected:

  • ~/Library/._itself (empty file used to signal the malware to delete itself; the file name is garbled in this copy of the article, so confirm it against Red Canary’s writeup)
  • /tmp/agent.sh (shell script executed for the installation callback)
  • /tmp/version.json (file downloaded from S3 to determine execution flow)
  • /tmp/version.plist (version.json converted to a property list)
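The check described above, as an added example that is not part of the original article or of Red Canary’s tooling: a small POSIX shell script that reports which of the four indicator files exist and, optionally, moves them into a quarantine folder rather than deleting them, so you can inspect them before deciding they are problematic. The `root` and `home` prefix arguments are assumptions added so the same functions can be pointed at a test directory tree instead of the live system; the first file name is taken from this copy of the article, where it is garbled, and should be confirmed against the Red Canary writeup before relying on it.

```shell
#!/bin/sh
# Added example (not from the article or from Red Canary). Lists the Silver
# Sparrow indicator files named in the article and optionally quarantines them.
#
# Usage on a live Mac:   sh silver_sparrow_check.sh --scan
#                        sh silver_sparrow_check.sh --quarantine ~/sparrow-quarantine
# Both functions take an optional root prefix and home directory so they can
# be exercised against a scratch tree (assumed parameters, not the article's).

# Print the indicator paths, one per line, under the given root and home.
silver_sparrow_indicators() {
    root="${1:-}"          # "" means the real filesystem root
    home="${2:-$HOME}"
    printf '%s\n' \
        "$home/Library/._itself" \
        "$root/tmp/agent.sh" \
        "$root/tmp/version.json" \
        "$root/tmp/version.plist"
    # NOTE: "._itself" is how the name appears in this copy of the article;
    # confirm the exact file name against Red Canary's writeup.
}

# Print "FOUND: <path>" for each indicator that exists.
# Returns 0 when nothing was found, 1 when at least one file was found.
check_silver_sparrow() {
    root="${1:-}"
    home="${2:-$HOME}"
    found=0
    for f in "$home/Library/._itself" \
             "$root/tmp/agent.sh" \
             "$root/tmp/version.json" \
             "$root/tmp/version.plist"; do
        if [ -e "$f" ]; then
            printf 'FOUND: %s\n' "$f"
            found=1
        fi
    done
    return $found
}

# Move any indicator files found into the quarantine directory (third arg)
# instead of deleting them, preserving the original path as the new name.
# Prints the number of files moved and returns 0.
quarantine_silver_sparrow() {
    root="${1:-}"
    home="${2:-$HOME}"
    qdir="${3:?quarantine directory required}"
    mkdir -p "$qdir"
    moved=0
    for f in "$home/Library/._itself" \
             "$root/tmp/agent.sh" \
             "$root/tmp/version.json" \
             "$root/tmp/version.plist"; do
        if [ -e "$f" ]; then
            # Encode the path into a flat file name, e.g. /tmp/agent.sh -> _tmp_agent.sh
            name=$(printf '%s' "$f" | tr '/' '_')
            mv "$f" "$qdir/$name"
            moved=$((moved + 1))
        fi
    done
    printf '%s\n' "$moved"
    return 0
}

# Command-line entry point; does nothing when sourced or run without flags.
case "${1:-}" in
    --scan)
        check_silver_sparrow && echo "No Silver Sparrow indicator files found."
        ;;
    --quarantine)
        n=$(quarantine_silver_sparrow "" "$HOME" "${2:?quarantine directory required}")
        echo "Moved $n file(s) to ${2}."
        ;;
esac
```

Quarantining rather than deleting keeps the evidence (for example, the contents of `version.json`) available to confirm the finding, and the exit status of `check_silver_sparrow` makes it easy to run from a scheduled job and alert only when something turns up.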

This long (and incredibly useful) writeup by Ars Technica commenter effgee will help you find the offending files, confirm that they are problematic, and remove them. Since Malwarebytes worked with Red Canary on the detection data for its analysis and the published piece, the odds are good that using the free version of that popular anti-malware scanner/remover should suffice.

If the current version of the app doesn’t find or remove Silver Sparrow, make sure you keep its definitions up to date and perform regular scans. I expect it won’t be long before the company issues an update that cleans macOS of this strange, but otherwise dormant, malware.
