Silver Sparrow, a new piece of macOS malware that runs on both Intel and M1-based Macs, is a threat.
Silver Sparrow is malware that runs on x86- and Apple M1-based Mac computers. Engineers at the cyber security firm Red Canary have detected two versions of the malware.
Internet security company Malwarebytes has found Silver Sparrow on over 39,000 Macs worldwide that run its anti-malware software. Infected Macs have been found in 153 countries as of now.
A spokesperson for Apple Inc. stated that “there is no evidence to suggest the malware they identified has delivered a malicious payload to infected users.” Apple also revoked the certificates of the developer accounts used to sign the packages, which prevents any additional Macs from becoming infected. Silver Sparrow is the second piece of malware observed to include M1-native code. With the signing certificates revoked, Mac users will be unable to install it if they’re using the Mac’s default security settings.
If you’re concerned that you might have been infected, think about what you’ve done with your system lately. Were you prompted by a website to download a software package and/or update? Was it something you weren’t intending to download or install until a website suggested you should? Was the package file named something simple and dull, like “update.pkg” or “updater.pkg”? If so, a little suspicion is warranted. There’s no real way to detect whether the malware is on your system based on observable behavior, since it’s not doing anything at the moment and it’s unclear if it ever will. You can, however, go hunting for the files the malware drops on your system.
If you believe that this new malware breed has already found its way to your Mac, there’s nothing to worry about. Cybersecurity researchers identified “Silver Sparrow” before it managed to evolve enough to distribute its payload. Removing it is imperative nonetheless, so here’s everything you need to know.
1. How to Manually Remove “Silver Sparrow” From Your Mac
Considering that cybersecurity researchers have discovered common infection points, it’s possible to remove this malware strain manually. You need to do the following.
- Using Finder, you will need to inspect a series of folders and check whether they’re present on your system. If they are, you need to remove them and then empty macOS’ ‘Trash’ folder as well.
- Open the ‘Applications‘ folder and search for apps named ‘Updater.app‘ or ‘Tasker.app.’ If you see those, make sure to remove them by dragging-and-dropping them into the ‘Trash’ folder.
- Then, navigate to ‘~/Library/._insu.’ The ‘._insu’ file is an empty file used to signal the malware to delete itself. Feel free to remove that file from your Library folder.
- Then, click on ‘Go‘ using macOS’ menu bar, and select ‘Go To Folder.’ Type in ‘/tmp/‘ and press ‘Enter‘ to open this folder. First, check whether there’s a file named ‘agent.sh,’ a script executed for the malware’s installation callback.
- Also, check if there’s a file labeled ‘version.json,’ a file that “Silver Sparrow” downloads from S3 to determine execution flow.
- And lastly, check for a file labeled ‘version.plist.’ If you find it, feel free to remove it, and don’t forget to remove it from your ‘Trash’ folder as well. That’s it!
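
The Finder checks listed above can also be run in one pass from Terminal. This is an added example, not code from the original article, Red Canary or Malwarebytes; the function name and its two optional arguments (a root prefix and a home directory, so it can be pointed at a mounted backup or a test directory) are assumptions. It only reports what it finds and deletes nothing.

```shell
#!/bin/sh
# Added example: read-only check for the Silver Sparrow files and apps
# named in the manual removal steps. Nothing is modified or deleted.
#
# Usage: find_silver_sparrow                      # check the live system
#        find_silver_sparrow /Volumes/Backup /Users/alice   # hypothetical paths

# Prints every listed artifact that exists.
# Returns 0 when none are present, 1 when at least one is found.
find_silver_sparrow() {
    root="${1:-}"           # assumed optional prefix; empty means the live system
    homedir="${2:-$HOME}"   # home directory whose Library folder is inspected
    found=0
    # "item", not "path": in zsh (the macOS default shell) $path is tied to $PATH
    for item in \
        "/Applications/Updater.app" \
        "/Applications/Tasker.app" \
        "$homedir/Library/._insu" \
        "/tmp/agent.sh" \
        "/tmp/version.json" \
        "/tmp/version.plist"
    do
        # -e matches regular files and app bundles (which are directories);
        # -L also catches a dangling symlink left at the same location
        if [ -e "$root$item" ] || [ -L "$root$item" ]; then
            printf 'FOUND  %s\n' "$root$item"
            found=$((found + 1))
        fi
    done
    printf '%d of 6 listed artifacts present\n' "$found"
    [ "$found" -eq 0 ]
}
```

A clean result only means these specific files are absent right now; files under /tmp do not persist across restarts.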
2. How to Remove “Silver Sparrow” using CleanMyMac
Next, we advise using an application named CleanMyMac. This is a highly popular maintenance-focused app that takes proper care of your macOS. As it turns out, it also has an antivirus built-in, and yes, it can remove “Silver Sparrow” from your Mac.
- First, go ahead and download CleanMyMac from its website. Make sure to download the latest available version, which also comes optimized for M1 Macs. You can also use it free of charge, even to remove this new malware breed.
- Then, install and launch the application. Once you open it and see its home screen, click on ‘Malware Removal‘ using the left-placed sidebar. Press ‘Scan.’
- The application will ask to install its ‘helper’ tool (required by macOS), so feel free to input your password and click on ‘Install Helper.’
- CleanMyMac will now scan your computer, which can take a while. If any threats are detected, you will see them once the scan completes. If you use the full version of CleanMyMac, press the ‘Remove‘ button. And if you use the free version, click on ‘Review Details.’
- The full version of the application will now automatically remove any identified malware on your computer. And if you use the free version, you need to select ‘Silver Sparrow,’ click on ‘Remove Manually,’ and then select ‘Remove‘ in the top-right corner. That’s it!