

Silver Sparrow was initially discovered on the new Apple Silicon Macs with M1 chips but it's also been found on Intel Macs. You can check which Mac you have by going to the Apple logo in the top left of your desktop and selecting "About This Mac".

How Does Silver Sparrow Infect a Mac?

At the moment the origins are not fully known but it appears to be an install file that is masquerading as an update to macOS. It's understood that it uses JavaScript to execute, which hasn't been seen before in any malware that's detected on Macs. It's understood that the Silver Sparrow malware leverages the macOS Installer JavaScript API to execute suspicious commands.

Apple has already removed the binaries and revoked the certificates of developer accounts that were used to sign the packages that allowed Silver Sparrow to install on a Mac. So there's no way you can infect your Mac with Silver Sparrow anymore by anything downloaded from the Mac App Store.

So far it is understood to have infected around 30,000 Macs in around 150 different countries and is using Amazon Web Services plus Akamai to spread. It seems that Silver Sparrow communicates with these services to check for commands to carry out in macOS but so far no commands have been issued.

At the moment, when executed on Intel Macs, Silver Sparrow simply displays a "Hello World!" message. On M1 Macs, the same message reads "You did it!" in a red background.

As yet, there's no evidence that Silver Sparrow is harmful to your Mac or data other than displaying the annoying messages above. There has been no detected "payload" or malicious intent discovered so far so its purpose is something of a mystery.

How Do I Detect Silver Sparrow?

At the moment, anti-malware providers are rapidly updating their software to detect Silver Sparrow on Mac. The best chance of detecting it on macOS is to use Malwarebytes for Mac which has now been updated to detect and remove it.

According to the Red Canary report that first discovered Silver Sparrow, the only way to detect Silver Sparrow on your Mac at the moment is to check for the following files on your Mac:

Malware Version 1

File name: updater.pkg (installer package for v1)
File name: updater (bystander Mach-O Intel binary in v1 package)
Mobiletraits.s3.amazonaws.com (S3 bucket holding version.json for v1)
~/Library/Application Support/agent_updater/agent.sh (v1 script that executes every hour)
tmp/agent (file containing final v1 payload if distributed)
~/Library/Launchagents/ist (v1 persistence mechanism)
~/Library/Launchagents/init_ist (v1 persistence mechanism)
Developer ID Saotia Seay (5834W6MYX3) – v1 bystander binary signature revoked by Apple

Malware Version 2

File name: update.pkg (installer package for v2)
Tasker.app/Contents/MacOS/tasker (bystander Mach-O Intel & M1 binary in v2)
