“Silver Sparrow” has infected nearly 30,000 Macs worldwide—and has been dubbed a “reasonably serious threat” by researchers at Red Canary, but those same security experts say they still aren’t exactly sure what the virus plans to do. It’s a unique threat, in that the malware runs an hourly check to a control server, seeking out new instructions. But so far, none have come. And that has experts worried, since there’s no way to know when it will spring into action.
What Should You Do?
Red Canary notes four files that suggest your system may be infected. A search with Finder (the macOS file manager) can find them. These files include.
- ~/Library/._insu (empty file used to signal the malware to delete itself)
- /tmp/agent.sh (shell script executed for installation callback)
- /tmp/version.json (file downloaded from from S3 to determine execution flow)
- /tmp/version.plist (version.json converted into a property list)
This lengthy (and incredibly helpful) writeup from Ars Technica commenter effgee will help you find the offending files, confirm they’re problematic, and remove them. Since Malwarebytes worked with Red Canary on detection data for its analysis and published piece, odds are good that using the free version of that popular anti-malware scanner/remover should be sufficient, too.
