Mysterious malware has infected tens of thousands of Macs. How to check your computer

Cybersecurity experts had only recently identified the first malware that threatens Apple computers with an M1 chip when news of a new threat emerged. Once again, the malware targets both Intel-based Macs and Macs with the Apple M1 chip. Experts note that over 30,000 Apple computers have already been infected, and the number is constantly growing. Yes, this software might even be on your Mac. The situation is complicated by the fact that so far the “malware” does not manifest itself in any way and has a self-destruct mechanism, so it is impossible to determine for certain whether this software has ever been on your computer.

New malware is difficult to detect because it … does nothing

What is Silver Sparrow

Specialists from Red Canary, who were the first to sound the alarm, named the new threat Silver Sparrow. They also found two versions of the malware: one compiled for Intel x86 and x64, and the other for the M1 chip with ARM architecture.

According to experts, this is precisely the worst thing. Apparently, the software is under active development, and hackers can use Silver Sparrow for their own purposes at any time, from stealing user information to using the computing power of infected computers.

Apple quickly responded to the new threat and revoked all developer certificates under which the malware was distributed. That is, Mac users will not be able to install it on their computers if they use the default security settings, which allow installing applications only from the Mac App Store or from developers with valid certificates.

How to check your Mac for viruses

Silver Sparrow threatens tens of thousands of Macs

Surely after reading this you started to worry that you could be infected. This topic is already being actively discussed in our Telegram chat. It is important to note that the computer cannot get infected on its own, only if you yourself downloaded some software (for example, from a torrent or a dubious site) and installed it. Therefore, to begin with, remember what you have been doing with your computer lately. Have you been prompted to download a software package or update from a website? Have you downloaded something from pop-ups in your browser, even though you didn’t originally plan to do so? Was the downloaded file named, for example, “update.pkg” or “updater.pkg”?

If so, then there is reason to suspect that your Mac is infected by Silver Sparrow. So far, there is no real way to determine if the specified malware is present on your system, as it is not doing anything at the moment and it is unclear if it will do anything at all. But you can look for files that the malware drops onto your system. Red Canary lists four files that may indicate that your system is infected:

  • ~/Library/._ins (an empty file used to make the malware delete itself);
  • /tmp/agent.sh (script for reinstallation);
  • /tmp/version.json;
  • /tmp/version.plist.

Try looking for these files on your Mac, and if you find them, remove them immediately.
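One way to run the file check described above, as an added example that is not from Red Canary or the original article: it only reports what it finds and deletes nothing. The function names and the `ROOT` argument are hypothetical, and matching the first file name as a prefix is an assumption.

```shell
#!/bin/sh
# Added example: look for the four Silver Sparrow indicator files listed above.
# Save as a file and run with sh or bash. It only reports; nothing is deleted.

# list_sparrow_files ROOT HOME_DIR
#   ROOT     - prefix for scanning a mounted copy or test tree ("" = live system)
#   HOME_DIR - home directory to inspect (defaults to $HOME)
# Prints one line per indicator found; prints nothing on a clean tree.
list_sparrow_files() {
    root="${1:-}"
    home="${2:-$HOME}"
    # The first name is matched as a prefix (assumption), so a longer
    # variant of the same file name is caught too.
    for f in "$root$home"/Library/._ins* \
             "$root/tmp/agent.sh" \
             "$root/tmp/version.json" \
             "$root/tmp/version.plist"; do
        # An unmatched glob stays a literal pattern and fails both tests.
        # -L also catches a dangling symlink planted under the same name.
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# count_sparrow_files ROOT HOME_DIR -> number of indicators present
count_sparrow_files() {
    list_sparrow_files "$@" | grep -c . || true
}

# Report for the current user on the live system, with timestamps for triage.
hits=$(list_sparrow_files "" "$HOME")
if [ -n "$hits" ]; then
    echo "Possible Silver Sparrow artifacts:"
    printf '%s\n' "$hits" | while IFS= read -r p; do ls -ld "$p"; done
else
    echo "None of the four indicator files were found."
fi
```

A clean result is not conclusive, since the malware has a self-destruct mechanism and may have removed its own files.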

You can also try downloading the free version of the Malwarebytes application for Mac. Since the antivirus creators helped Red Canary detect the new threat, chances are good that using this popular scanner and malware removal tool will help remove the “malware.”

Apple is also expected to release a Mac software update soon, which will protect computers from Silver Sparrow. But no one guarantees that other certificates will not be used to distribute malware, or that a new threat for M1 will not appear. The main rule to follow to protect yourself is not to install applications from questionable sources.


Source: AppleInsider.ru, the largest site about iPhone, iPad and Mac in Russia, by appleinsider.ru.
