What is a silver sparrow?No iIs not game of Thrones Character-Has that ship sailed? New macOS malicious software Run on two Intel with Based on M1
As a red canary Tony Lambert Wrote:
“…The ultimate goal of this malware is a mystery. We cannot know with certainty what payload the malware will distribute, whether the payload has been delivered and deleted, or whether the adversary has a future distribution schedule. According to Malwarebytes shared with us Of the data, nearly 30,000 affected hosts have not yet downloaded the next or final payload.”
If you want to know the technical details of Silver Sparrow, please click on Red Canary’s blog.If you are curious about whether you are infected, it is likely that you have not been infected yet, and you will not Looking to the future-Apple has suspended Developer certificate Used to sign the package file that started the infection, which means that Mac users will If they use the Mac’s default security settings, they cannot install it. (I haven’t found the above malware, so I can’t verify if your Mac will caveat You plan not to install it, Or simply Mark it As a malicious application And prohibit you from doing this)
However, if you are concerned that you may have been infected, please consider what you have done to the system recently.The website prompts you to download one Software packages and/or updates?is it What you don’t plan to download or install until A website suggest you should? Is the package file named simple and tedious, such as “update.pkg” or “updater.pkg”?
if so, Wolan is a little skepticalTEdit.Although there is no real way to detect whether the above-mentioned malware exists on your system based on observable behavior, it is not clear whether any measures have been taken so far. In this way, you can search for files dropped by malware on your system.Red Canary Notes Four files that may indicate that your system has been infected:
- ~/Library/._insu (used to instruct the malware to delete its own empty file)
- /tmp/agent.sh (execute the shell script used to install the callback)
- /tmp/version.json (download the file from S3 to determine the execution flow)
- /tmp/version.plist (version.json is converted to an attribute list)
THis lengthy (and very useful) article From Ars Technica commentator effgee It will help you find the problematic files, confirm that they are problematic, and then delete them.Due to malware bytes Cooperation with Red Canary Test data in order to Its analysis and published articles are very likely to be used Free version Over there Popular anti-malware scanners/cleaners should also be sufficient.
If the current version of the application does not find and delete Silver Sparrow, make sure to update its definition, and You are performing a regular scan.I Expected Soon after the company problem Scrub update macOS cleanup This is annoying but stagnant malicious software.