Silver Sparrow is the name of the new malware for macOS. Here you can find out how it got onto systems and whether you could already be affected by it. […]
Silver Sparrow contacts a server at regular intervals to reload any new content from the network – but this has not yet happened. Silver Sparrow is delivered as a .pkg installation file and was signed with a valid developer certificate, so no warnings were displayed when installing on Macs. Apple has now withdrawn the certificate so that Silver Sparrow can no longer be installed in this way – but this would still be possible with a different certificate.
Do I have Silver Sparrow on my Mac?
There are certain indicators that suggest that Silver Sparrow has already found its way onto a system like Malwarebytes reported.
- Open the Finder.
- Press the combination cmd + shift + G and enter the path / tmp.
- If you find one of the following files in the folder that is now open, it is likely that you might have Silver Sparrow on your system: /tmp/agent.sh, /tmp/version.plist, or /tmp/version.json
- Repeat step 2 with the path ~ / Library and look for the entry ._insu
- The free software from Malwarebytes detects and removes the software OSX.SilverSparrow and is available here.