Monday, March 1, 12:34
Home rapidshare How to see if Silver Sparrow malware is hiding on your Mac?

How to see if Silver Sparrow malware is hiding on your Mac?

A new malware that targets both M-series as well as Intel Macs has affected about 30.000 systems in 153 countries. The malware is called "Silver sparrow"But at the moment many details are not known about how it was distributed and the purpose of the attacks on Mac computers.

Silver Sparrow malware
How to see if Silver Sparrow malware is hiding on your Mac?

Some information about Silver Sparrow

It is said that Silver Sparrow takes advantage of one vulnerability in macOS Installer JavaScript API in order to execute dangerous commands. Its security researchers Red Canary they say the only payload found are two placeholder apps. The version for the M-series Macs displays only one message that says: "You did it!".

Experts have so far not found any malicious or dangerous behavior of the malware.

However, as mentioned, it can affect both Intel and M-series Macs. And she the feature makes it almost unique. Η Apple introduced the first Macs with the M1 processor in November 2020. It seems from the creation of Silver Sparrow, cyber criminals did not take long to target these systems.

Silver Sparrow Mac
How to see if Silver Sparrow malware is hiding on your Mac?

The first report on Silver Sparrow was published just a few days ago, on February 18th. Therefore, Investigators security still collect information, while as we said before, they do not yet know how to distribute.

However, they have discovered some of the files that malware adds to an infected Mac. According to Red Canary researchers, these archives include:

  • ~ / Library /._ insu
  • /tmp/
  • /tmp/version.json
  • /tmp/version.plist

A search with Finder (macOS file manager) can detect them. A computer that has the above archives is most likely infected.

There are two versions malware. One only infects Intel Macs. The other version infects both.

How to see if Silver Sparrow malware is hiding on your Mac?

How to find the Silver Sparrow version targeting M-series and Intel Macs?

The version that can affect Mac M-series or Intel comes through:


MD5: fdd6fb2b1dfe07b0e57d4cbfef9c8149

The payload is:

MD5: b370191228fef82635e39a137be470af

This version of Silver Sparrow also creates:

  • specialattributes.s3.amazonaws [.] com
  • ~ / Library / Application Support / verx_updater /
  • / tmp / verx
  • ~ / Library / Launchagents / verx.plist
  • ~ / Library / Launchagents / init_verx.plist

Again, a search with macOS file manager may display the above in an infected device.

The developer ID of the payload is Julie Willey (MSZ3ZH74RK). THE Apple revoked this account to prevent the further spread of Silver Sparrow.

How to discover it original version of Silver Sparrow aiming only Intel Macs;

The version that affects Intel-based Macs comes through:


MD5: 30c9bc7d40454e501c358f77449071aa

The payload is:

File name: updater

MD5: c668003c9c5b1689ba47a431512b03cc

This version of malware also creates:

  • mobiletraits.s3.amazonaws [.] com
  • ~ / Library / Application Support / agent_updater /
  • / tmp / agent
  • ~ / Library / Launchagents / agent.plist
  • ~ / Library / Launchagents / init_agent.plist

The binary signature of the payload comes from Developer ID Saotia Seay (5834W6MYX3), which has also been removed from Apple.

If you are worried about safety of your Mac, it would be good to look for the above items. If you find any of these, then you are probably infected with Silver Sparrow.

Source: Cult of Mac


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Chrome: The sites will open in desktop mode on large Android tablets

Google Chrome is experimenting with a new feature that will automatically open web pages in desktop mode on an Android tablet that have several ...

Stalkerware: Russia, Brazil and the US were most affected in 2020

New research from the cyber security company "Kaspersky" points out that Russia, Brazil and the USA were the countries that were most affected ...

Why is the trend of selfie pop-up cameras being lost?

In recent years, technology companies have made bezels (also known as hoops) as thin as possible. In this way,...

Gab: Data from far-right users of the platform leaked

It was about a month and a half ago when Twitter and other major social networking platforms banned Donald Trump and other users with ...

T-Mobile: The company's customers received SIM swapping attacks!

The telecommunications provider "T-Mobile" revealed that it suffered data breach, after realizing that some of its customers were victims of SIM swapping attacks ....

Verizon: Turn off 5G so that the battery does not run out quickly

Despite the continued promotion of 5G smartphones and the $ 45 billion it spent on the new speed range, Verizon advises ...

A Berliner is in jail for threatening to bomb an NHS hospital

A Berliner is accused of blackmailing the National Health Service (NHS) and threatening to bomb a hospital. THE...

Do you have AirPods? See how to connect them to your Apple TV

If you have an Apple TV, you can use the AirPods, AirPods Pro or Max wireless headphones to watch videos, play games ...

How to transfer passwords from LastPass to 1Password

LastPass and 1Password are two powerful password managers. But if you do not want to use LastPass again, it is easy to transfer ...

How can you use the Split Screen feature on Android?

Google has introduced Android Split Screen as a productivity feature for the first time in Android 7.0 Nougat. This is a function ...