A new malware that targets both M-series and Intel Macs has affected about 30,000 systems in 153 countries. The malware is called "Silver Sparrow". At the moment, however, many details are not known about how it was distributed or the purpose of the attacks on Mac computers.
Some information about Silver Sparrow
Experts have so far not found any malicious or dangerous behavior of the malware.
However, as mentioned, it can affect both Intel and M-series Macs, and this feature makes it almost unique. Apple introduced the first Macs with the M1 processor in November 2020. Judging by the creation of Silver Sparrow, cyber criminals did not take long to target these systems.
The first report on Silver Sparrow was published just a few days ago, on February 18th. Security investigators are therefore still collecting information and, as we said before, they do not yet know how it is distributed.
However, they have discovered some of the files that the malware adds to an infected Mac. According to Red Canary researchers, these files include:
- ~/Library/._insu
A search with Finder (the macOS file manager) can detect them. A computer that has the above files is most likely infected.
There are two versions of the malware. One infects only Intel Macs. The other version infects both.
How to find the Silver Sparrow version targeting M-series and Intel Macs?
The version that can affect M-series or Intel Macs comes through:
The payload is:
This version of Silver Sparrow also creates:
- specialattributes.s3.amazonaws[.]com
- ~/Library/Application Support/verx_updater/verx.sh
- /tmp/verx
- ~/Library/LaunchAgents/verx.plist
- ~/Library/LaunchAgents/init_verx.plist
Again, a search with the macOS file manager may reveal the above on an infected device.
The developer ID of the payload is Julie Willey (MSZ3ZH74RK). Apple revoked this account to prevent the further spread of Silver Sparrow.
How to find the original version of Silver Sparrow targeting only Intel Macs?
The version that affects Intel-based Macs comes through:
The payload is:
File name: updater
This version of the malware also creates:
- mobiletraits.s3.amazonaws[.]com
- ~/Library/Application Support/agent_updater/agent.sh
- /tmp/agent
- ~/Library/LaunchAgents/agent.plist
- ~/Library/LaunchAgents/init_agent.plist
The binary signature of the payload comes from Developer ID Saotia Seay (5834W6MYX3), which Apple has also revoked.
If you are worried about the safety of your Mac, it would be good to look for the above items. If you find any of these, then you are probably infected with Silver Sparrow.
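The file checks described above can also be run from Terminal instead of Finder. The script below is an added example, not code from Red Canary or from the original article; the function name `silver_sparrow_check` and the version labels are hypothetical, and the paths are the ones listed in this article.

```shell
#!/bin/sh
# Added example: check for the Silver Sparrow file artifacts listed in this article.
# silver_sparrow_check HOME_DIR [TMP_DIR]  (function name and labels are hypothetical)
# Prints "LABEL<TAB>PATH" for each artifact present; returns 1 if any was found.
silver_sparrow_check() {
    ss_home=$1
    ss_tmp=${2:-/tmp}
    ss_hits=0
    while IFS='|' read -r ss_label ss_path; do
        # -e follows symlinks; -L also catches a dangling symlink at the path
        if [ -e "$ss_path" ] || [ -L "$ss_path" ]; then
            printf '%s\t%s\n' "$ss_label" "$ss_path"
            ss_hits=$((ss_hits + 1))
        fi
    done <<EOF
general|$ss_home/Library/._insu
m-series+intel|$ss_home/Library/Application Support/verx_updater/verx.sh
m-series+intel|$ss_tmp/verx
m-series+intel|$ss_home/Library/LaunchAgents/verx.plist
m-series+intel|$ss_home/Library/LaunchAgents/init_verx.plist
intel-only|$ss_home/Library/Application Support/agent_updater/agent.sh
intel-only|$ss_tmp/agent
intel-only|$ss_home/Library/LaunchAgents/agent.plist
intel-only|$ss_home/Library/LaunchAgents/init_agent.plist
EOF
    [ "$ss_hits" -eq 0 ]
}

# Scan the current user's account only when asked to, e.g.: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    if silver_sparrow_check "$HOME" /tmp; then
        echo "No listed Silver Sparrow artifacts found."
    fi
fi
```

The check covers only the file paths named in this article, so an empty result means those files are absent, nothing more. The two `amazonaws[.]com` hostnames are not checked here; they are better searched for in DNS or proxy logs.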
Source: Cult of Mac