How to find and remove the new macOS “Silver Sparrow” malware

What is Silver Sparrow? No, it is not a Game of Thrones character (has that ship sailed?), but rather a new piece of macOS malicious software that runs on both Intel and M1-based Macs. This makes it the second known piece of malware for the latter, but there is a catch: researchers discovered the malware before it had a chance to actually do anything to the system.

As Red Canary’s Tony Lambert writes:

“… the ultimate goal of this malicious software is a mystery. We have no way of knowing for sure what payload the malicious software would distribute, whether a payload has already been delivered and removed, or whether the adversary has a future timeline for distributing it. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what the next or final payload would be.”

Read the Red Canary blog post if you want to delve into the technical details of Silver Sparrow. If you’re curious whether you’ve been infected, chances are you aren’t and won’t be going forward: Apple has revoked the developer certificates used to sign the package files that start the infection, so Mac users won’t be able to install it if they use the Mac’s default security settings. (I don’t have a copy of this malware, so I can’t verify whether your Mac will warn you not to install it, or simply flag it as a malicious application and forbid you from doing so.)

However, if you are concerned that you have been infected, think about what you have done recently with your system. Did a website ask you to download a software package and/or update? Was it something you did not intend to download or install, but that a website suggested to you? Was the package file named something plain and boring, such as “update.pkg” or “updater.pkg”?

If so, a little suspicion is warranted. There is no real way to detect this malware on your system based on observable behavior, since it does nothing at this time and it is unclear whether it ever will, but you can search for the files that the malicious software leaves behind on your system. Red Canary notes four files that suggest your system may be infected:

  • ~/Library/._inse (empty file used to indicate that the malware is being removed)
  • /tmp/agent.sh (shell script executed for the installation callback)
  • /tmp/version.json (file downloaded from S3 to determine the execution flow)
  • /tmp/version.plist (version.json converted to a property list)
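The following POSIX shell script is an added example, not code from the article or from Red Canary. It checks a Mac for the four artifact paths listed above, reports each one it finds together with its size and modification time, and can remove them once you have confirmed the findings. The two optional arguments (home directory and temp directory) default to $HOME and /tmp; accepting other values is an assumption made so the check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: scan for the Silver Sparrow artifact paths named in the article.
# Not part of the article or of Red Canary's own tooling.

# Run "$1" once for each artifact path, using "$2" as the home directory
# (default $HOME) and "$3" as the temp directory (default /tmp).
silver_sparrow_each() {
  cmd="$1"
  home="${2:-$HOME}"
  tmp="${3:-/tmp}"
  for p in "$home/Library/._inse" "$tmp/agent.sh" \
           "$tmp/version.json" "$tmp/version.plist"; do
    "$cmd" "$p"
  done
}

# Callback: report a path if it exists and count it in SS_FOUND.
_ss_report() {
  if [ -e "$1" ]; then
    size=$(wc -c < "$1" | tr -d ' ')
    # ls -l shows owner and mtime, which helps date the installation
    printf 'FOUND %s (%s bytes) %s\n' "$1" "$size" "$(ls -ld "$1")"
    SS_FOUND=$((SS_FOUND + 1))
  fi
}

# Callback: delete a path only if it is present.
_ss_remove() {
  if [ -e "$1" ]; then
    rm -f "$1" && printf 'removed %s\n' "$1"
  fi
}

# Scan. Exit status 0 means at least one artifact was found, 1 means none.
# The number of artifacts found is left in SS_FOUND.
silver_sparrow_check() {
  SS_FOUND=0
  silver_sparrow_each _ss_report "$1" "$2"
  [ "$SS_FOUND" -gt 0 ]
}

# Remove whatever artifacts are present (run the scan first and check the output).
silver_sparrow_remove() {
  silver_sparrow_each _ss_remove "$1" "$2"
}

# Usage: sh silver_sparrow.sh --scan     (report only)
#        sh silver_sparrow.sh --remove   (delete the artifacts listed above)
if [ "${1:-}" = "--scan" ]; then
  silver_sparrow_check || echo "no Silver Sparrow artifacts found"
fi
if [ "${1:-}" = "--remove" ]; then
  silver_sparrow_remove
fi
```

Run the scan first and look at the output: ~/Library/._inse is expected to be empty, and the mtime on the /tmp files tells you roughly when the package ran. Only then use --remove, and follow up with a full antimalware scan, since these four paths are indicators and not the complete footprint of the package.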

This long (and incredibly useful) write-up by Ars Technica commenter efgee will help you find the offending files, confirm that they are problematic, and delete them. Since Malwarebytes worked with Red Canary on detection data for their analysis and publication, the odds are good that the free version of this popular antimalware scanner/remover will also suffice.

If the current version of the app does not find or remove Silver Sparrow, be sure to keep its definitions up to date and run regular scans. It shouldn’t be long before the company issues an update that scrubs macOS clean of this annoying, but otherwise dormant, malicious software.
