Over 30,000 Apple Macs have been infected with a high-stealth malware, and the company has no idea why

@AgreeableLandscape · 3 years ago

Over 30,000 Apple Macs have been infected with a high-stealth malware, and the company has no idea why

Jolly Roger · edit-2 11 months ago

PSA:

This is very old news. Silver Sparrow is a relatively harmless trojan (not a virus as so many people keep calling it) that was discovered over three years ago.

A computer virus is malware that automatically replicates itself to spread to other files/computers.
A trojan is malware that is made to look like it’s a legitimate app (but actually contains malware) in order to trick people into downloading and installing it.

This is a simple trojan, which means the Mac users who were infected were gullible enough to:

download this malware,
run the installer, and
enter their administrator username and password when prompted.

If they hadn’t done all of these steps, they would not be infected.

The Silver Sparrow activity cluster was found to affect 29,139 macOS endpoints across 153 countries, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.

The current version of the malware doesn’t actually have a payload. In other words, once installed, it doesn’t actually do anything. In fact researchers found that when executed, the x86_64 binary displays the words “Hello World!” while the M1 binary displays “You did it!”. Red canary has more technical details about this malware on their website.

How do you avoid (or get rid of) this malware?

Apple has already revoked the offending developer certificate(s), which prevents payload binaries from running on updated Macs, rendering it inoperative.

Removing it is very easy. Just run Malwarebytes, and you’re done.

Avoiding it is also very easy. All you need to do is follow some simple safe computing practices:

always install macOS security updates in a timely manner after they are released
always run an ad blocker like 1Blocker X or AdBlock Plus in your web browser so that you won’t see distracting advertising as well as unsolicited pop-up windows that claim you are somehow “infected” or “missing some video software” and therefore need to download and install some piece of untrusted software on your computer to fix some supposed “problem” they supposedly “detected” - and if you do still see these, don’t fall for them as they are obvious scams
always refrain from downloading and installing software from untrusted sources - instead go directly to the software maker’s website or to the official App Store