Saw this from another article in the comments:

"For those wondering, from the external blog post there are two scripts written to disk that should indicate if you have it, the locations are:

/tmp/agent.sh and ~/Library/Application Support/verx_updater/verx.sh"
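The check described in the comment above, as an added example that is not from the original post or from the Red Canary write-up it quotes. It tests only the two on-disk paths the comment names; the optional arguments (a temp directory and a home directory) are an assumption made here so the same function can be pointed at another user's home or at a scratch directory. Note that the second path contains a space, so it has to stay quoted, and that typing the paths into Terminal as a command tries to execute them rather than telling you whether they exist.

```sh
#!/bin/sh
# Added example, not from the original comment or the Red Canary write-up.
# Tests for the two on-disk indicators the comment quotes:
#   /tmp/agent.sh
#   ~/Library/Application Support/verx_updater/verx.sh
# The optional arguments (temp dir, home dir) are an assumption made here so
# the check can be pointed at another user's home or at a test directory.

check_silver_sparrow_paths() {
  tmp_dir="${1:-/tmp}"
  home_dir="${2:-$HOME}"
  found=0
  # The second path contains a space, so every expansion stays double-quoted.
  # `[ -e ]` tests presence; running the path as a command does not.
  for p in "$tmp_dir/agent.sh" \
           "$home_dir/Library/Application Support/verx_updater/verx.sh"; do
    if [ -e "$p" ]; then
      echo "FOUND:  $p"
      found=1
    else
      echo "absent: $p"
    fi
  done
  # Exit status 0: neither indicator present. 1: at least one is present.
  return "$found"
}

# Stand-alone usage: check /tmp and the current user's home.
if check_silver_sparrow_paths; then
  echo "Neither indicator path is present."
else
  echo "At least one indicator path is present."
fi
```

Run it as the user whose home you want to inspect, since `~/Library` is per-user; a clean result means only that these two named files are absent, nothing more.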
 
Stay away from torrent sites 👏

Don’t install pirate apps 👏

Stay away from illegal streaming sites 👏

Stay away from crypto sites and crypto apps 👏

Always remember that open source apps being on GitHub doesn't mean they are malware free if all the devs are in on it 👏

Don’t click on shortened URLs sent or posted by anon accounts on social media 👏

Don’t install more apps than you really need 👏

Only use signed apps from well known developers 👏

Delete Facebook 👏
 
If Apple really had automated detection and scanning, how did it manage to infect so many machines?

Probably because there's no malicious payload? "Apple also reiterated that Red Canary found no evidence to suggest the malware has delivered a malicious payload to Macs that have already been infected."

Also, it would be unrealistic to expect an automated scanner to detect all infections.
 
I agree. Windows Defender isn't great, but at least it's something. Some sort of basic built-in scanner would be a nice feature.
Apple already has active scanning. But there will always be something new to get around whatever security was in place. I remind myself no system is 100% secure. It's nearly impossible to engineer something that can't be infected if it is talking on a network. It's the same reason humans still get colds.
 
Developer certificates…

“Since February 2020, for example, Apple has required all Mac software distributed with a Developer ID outside of the Mac App Store to be submitted to Apple's notary service, an automated system that scans for malicious content and code-signing issues.”

It seems Apple's 3rd party s/w vetting and release system and its processes are ripe for rethinking.

Apple searched for "malicious content" and didn't find any. Because there wasn't actually any.
 
Saw this from another article in the comments:

"For those wondering, from the external blog post there are two scripts written to disk that should indicate if you have it, the locations are:

/tmp/agent.sh and ~/Library/Application Support/verx_updater/verx.sh"
So if I don't have these two files, that means my Macs are clean, right? Gosh, we have to deal with Covid-19 out there and the Sparrow virus inside our Macs. What a world!@#$
 
Malwarebytes makes a free downloadable scanner. If you are worried, download and run that.

AS FAR AS I KNOW the above recommended "Clean My Mac" IS MALWARE.
No it's not. I've been using it for many, many years; maybe you should check it out before making such a statement......
 
Developer certificates…

“Since February 2020, for example, Apple has required all Mac software distributed with a Developer ID outside of the Mac App Store to be submitted to Apple's notary service, an automated system that scans for malicious content and code-signing issues.”

It seems Apple's 3rd party s/w vetting and release system and its processes are ripe for rethinking.
No, the notarization process worked as intended.

It's an automated process that scans apps for known signatures and automatically rejects them, but just because it didn't detect an unknown one doesn't mean it failed; Apple was still able to revoke the certificates, and that prevents the malware from running.
 
This is going to end up the same way as all DRM - inconveniencing genuine users whilst bad guys find ways around it.

If Apple really had automated detection and scanning, how did it manage to infect so many machines?
Because the signature wasn't known.

You could say the same about every piece of anti-virus software out there that fails to detect new stuff, but the difference here is that the ability to prevent execution of the malware is baked into the OS.
 
Something tells me that the issue, deep down, is not solved. Yeah, Apple has revoked the certificate, so then what? Can this happen again? I'd say yes...
Do we even know how this was able to infect over 30,000 M1 Macs?
>Was it user error?
>Was it preinstalled from China?
>Was it from an infected app on the app store?

Apple knows about it BUT what is Apple doing about it?

It is alarming such a virus spread so quickly after the release of the M1 chip.
 
This malware wasn't a vulnerability in macOS or software; you've got to actually install it purposely, no? In which case, whilst it would have been improved by pulling the developer cert faster, this is still better than what you'll get on most OSes, i.e., put in your password and you're screwed.
 
OK, in Terminal I ran "/tmp/agent.sh and ~/Library/Application Support/verx_updater/verx.sh" and they do not exist - whew
 