How to Find and Remove the New MacOS Malware ‘Silver Sparrow’

What is Silver Sparrow? No, it’s not a Game of Thrones character – has that ship sailed? – but instead a new piece of macOS malware that runs on both Intel and M1-based Macs. That makes it the second known piece of malware for the latter, but there is a silver lining: researchers discovered the malicious software before it did any real harm to your system.

As Red Canary’s Tony Lambert writes:

“… privacy is the ultimate goal of this malware. We have no way of knowing with certainty what payment burden would be spread by the malware, if a payment burden has already been delivered and removed, or if it has a timeline the enemy to spread it. According to data shared with us by Malwarebytes, almost 30,000 affected hosts have downloaded what next payment charge or last level.”

Click over to the Red Canary blog if you want Silver Sparrow’s nitty-gritty technical details. If you are curious whether you are infected, odds are that you are not, and you will not be going forward – Apple has revoked the developer certificates used to sign the package files that start the infection, so Mac users will not be able to install them if they are using the Mac’s default security settings. (I didn’t detect any malware, so I can’t verify whether your Mac warns you not to install it or simply flags it as a malicious app and prohibits you from doing so.)

Still, if you’re worried that you might have been caught, think about what you’ve done with your system lately. Did a website encourage you to install a software package and/or update? Was it something you did not intend to download or install until the website suggested that you should? Was that package file named something simple and dull, like “update.pkg” or “updater.pkg”?

If so, some suspicion is warranted. While there is no real way to tell whether the malware is on your system from obvious behavior – it is not doing anything at the moment, and it is not clear whether it ever will – you can go hunting for files that the malware drops on your system. Red Canary notes four files that suggest your system may be infected:

  • ~/Library/._insu (empty file used to signal the malware to remove itself)
  • /tmp/agent.sh (shell script executed for callback installation)
  • /tmp/version.json (file downloaded from S3 to confirm execution stream)
  • /tmp/version.plist (version.json converted to properties list)
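
A quick way to check for these four files from Terminal, as an added example that is not code from Red Canary or the original article. The function name `check_silver_sparrow` and its optional root-directory argument are hypothetical, and the script assumes home directories live under /Users, the macOS default.

```shell
#!/bin/sh
# Added example: look for the four Silver Sparrow indicator files listed above.
# The optional first argument is an assumed "root" prefix so the same check
# can run against a mounted backup or disk image; empty means the live system.

# Prints one FOUND line per indicator; returns 0 if none exist, 1 otherwise.
check_silver_sparrow() {
    root=${1:-}
    found=0

    # Indicators the installer scripts leave in /tmp.
    for f in /tmp/agent.sh /tmp/version.json /tmp/version.plist; do
        if [ -e "$root$f" ]; then
            echo "FOUND $root$f"
            found=$((found + 1))
        fi
    done

    # The marker file is per-user, so check every home directory,
    # not just the account running the script.
    for home in "$root"/Users/*; do
        marker="$home/Library/._insu"
        [ -e "$marker" ] || continue
        if [ -s "$marker" ]; then
            # The marker is described as an empty file; a non-empty one
            # is still worth a look but may be unrelated.
            echo "FOUND $marker (not empty)"
        else
            echo "FOUND $marker (empty)"
        fi
        found=$((found + 1))
    done

    [ "$found" -eq 0 ]
}
```

Run `check_silver_sparrow` with no argument to scan the running system. Files in /tmp are cleared on reboot, so a clean result there only covers the time since the last restart.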

This long (and extremely helpful) write-up from Ars Technica commenter effgee will help you find the offending files, confirm that they are a problem, and remove them. Since Malwarebytes worked with Red Canary on detection data for its analysis and published piece, odds are good that using the free version of its popular anti-malware scanner/remover should suffice as well.

If the current version of the app doesn’t find and remove Silver Sparrow, make sure you keep its definitions updated – and that you run regular scans. I expect it won’t be long before the company issues an update to rid macOS of this pesky, but otherwise non-stop malware.
