Silver Sparrow malware infects nearly 30,000 Macs across 164 countries

Silver Sparrow malware usually spreads via fake software update advertisements online. It arrives in a fake Apple installer package named update.pkg or updater.pkg; both include malicious JavaScript that launches before the actual package installation procedure. The user sees an ‘Install’ window that says ‘This package will run a program to determine if the software can be installed’. Unfortunately, at this point the malware already resides on your system, whether you click ‘Cancel’ or ‘Continue’. Following the discovery of this malware, Apple took action to prevent its further spread and revoked the certificates for the developer accounts used to sign the distributed packages. However, if you’re a Mac user, we still recommend checking whether your computer was infected earlier.

Technical details about the malware

Silver Sparrow malware has two versions: version 1 contains a binary compiled for the Intel x86_64 architecture, while version 2 includes a binary designed for both the Intel x86_64 and M1 ARM64 architectures. This is unusual because the latter Apple architecture is very new and there haven’t been many instances of malware designed for it so far.

The malware dynamically generates a malicious script in order to evade detection by security software. In addition, it uses PlistBuddy to create a LaunchAgent that instructs launchd, the Mac initialization system, to regularly run specific tasks. For example, this malware instructs launchd to execute a shell script every hour to download a JSON file to disk, convert it to a plist file, and use it to execute further malicious tasks. So far, researchers didn’t observe any final payload, which means this malware was created by cybercriminals for testing purposes.

The virus also includes several other tasks that seriously confused cybersecurity experts. For example, the malware includes a script that checks for the presence of ~/Library/._insu and, if it is found, removes all of its persistence mechanisms and scripts from the computer. The virus is also designed to gather the infected system’s UUID and the URL used to download the malware package. It is believed that the criminals use this information to identify the most successful distribution channels.

After the installation, the virus displays a very basic placeholder. In version 1, it literally says “Hello World!” on a dark grey background, while the second one states “You did it!” on a red background. The list of possible activities that this Mac virus can initiate is limitless: it can drop spyware or adware, or spread more severe threats such as ransomware or Trojans. Such threats can cause severe damage to your computer and your privacy and possibly lead to financial or personal data loss.
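The persistence pattern described above (a LaunchAgent that has launchd run a shell script every hour, plus the ~/Library/._insu check) can be triaged with a short script. This is an added example, not code from the original article; the function names are hypothetical, the sample agents are constructed, and it assumes Python 3.9+ with the standard plistlib module. The hourly-shell rule is a heuristic that also matches legitimate jobs, so each hit is an item to review rather than a verdict.

```python
import plistlib
import tempfile
from pathlib import Path

SHELLS = {"sh", "bash", "zsh"}   # interpreter names treated as "a shell"
HOURLY = 3600                    # seconds; the article says the job runs every hour

def is_hourly_shell_job(job: dict) -> bool:
    """True if a launchd job definition runs a shell interpreter every hour."""
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    return job.get("StartInterval") == HOURLY and Path(str(args[0])).name in SHELLS

def audit_home(home: Path) -> list[str]:
    """Return triage findings for one user's home directory (heuristic, not proof)."""
    findings = []
    if (home / "Library" / "._insu").exists():
        findings.append("marker: ~/Library/._insu exists")
    agents = home / "Library" / "LaunchAgents"
    for plist in sorted(agents.glob("*.plist")) if agents.is_dir() else []:
        try:
            job = plistlib.loads(plist.read_bytes())  # handles XML and binary plists
            hit = isinstance(job, dict) and is_hourly_shell_job(job)
        except Exception:
            findings.append(f"unreadable: {plist.name}")
            continue
        if hit:
            findings.append(f"hourly-shell: {plist.name}")
    return findings

def build_demo_home(root: Path) -> Path:
    """Constructed sample data: one benign agent, one hourly shell agent, the marker."""
    agents = root / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    benign = {"Label": "com.example.benign", "RunAtLoad": True,
              "ProgramArguments": ["/usr/bin/true"]}
    hourly = {"Label": "com.example.hourly", "StartInterval": 3600,
              "ProgramArguments": ["/bin/sh", "-c", "echo constructed sample"]}
    (agents / "com.example.benign.plist").write_bytes(plistlib.dumps(benign))
    (agents / "com.example.hourly.plist").write_bytes(plistlib.dumps(hourly))
    (root / "Library" / "._insu").touch()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_home(build_demo_home(Path(tmp))):
            print(finding)
    # On a Mac, review the real home directory with: audit_home(Path.home())
```
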
If you would like to detect and remove Silver Sparrow malware from your Mac, we strongly recommend a robust Mac antivirus that scores 100% detection rate in malware detection tests – INTEGO.

Mac malware distribution vectors: how to avoid getting infected

The primary Silver Sparrow malware distribution technique is identical to the one used to spread the vast majority of persistent adware and other Mac-targeted malware: these applications are disguised in malicious online advertisements, typically offering fake software updates. Most of these infections arrive as PKG or DMG files posing as legitimate Adobe Flash Player or Java update installers. Some examples of such ads are provided in the image below. If you wish to avoid the hassle of checking whether you got infected with this or similar Mac malware or adware like SearchLee or Search Baron, try to stay away from dubious websites that trigger random pop-up ads. Trust your judgement and avoid clicking on download or install buttons advertised by adult-only, gaming, gambling, torrent-hosting and similar sites. Additionally, we’d like to remind you to be careful with any installation files and to choose only trustworthy sources to keep your computer secure. Ideally, download software only from well-known companies (make sure you visit their official websites for any downloads!) or the good old App Store.

How to Detect and Remove Silver Sparrow malware from Mac

In order to detect and remove Silver Sparrow malware from Mac, we strongly recommend using a trustworthy antivirus solution like INTEGO. We’d like to advise you that attempts to uninstall persistent Mac malware manually can be unsuccessful, especially if you’re not an experienced user. To check for and remove the Silver Sparrow virus from Mac, download INTEGO and perform a full system scan. You can also check its review to learn more about its outstanding lab test results.


INTEGO antivirus is one of the leading security products for Mac. It includes the VirusBarrier X9 and NetBarrier X9 features, which detect viruses, ransomware, adware, browser hijackers, Trojans, backdoors and other threats and block suspicious network connections. If any detections are found, the software will eliminate them. Learn more about the software’s features in its full review.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you.

Use the following guidelines to get rid of Silver Sparrow malware on Mac. You will need to eliminate suspicious components from several system folders, move unwanted applications to Trash, and delete shady profiles and login items created by the potentially unwanted program. Once you complete these steps, follow the instructions on how to clean each affected web browser individually.

Eliminate components of unwanted program from Mac system folders

Move unwanted applications to Trash

Remove unwanted startup applications on Mac

Delete malicious configuration profiles

Remove Silver Sparrow malware from Safari

Uninstall suspicious Safari extensions

Change Safari Homepage and default search engine

Remove push notifications on Safari

Some suspicious websites can try to corrupt your Safari by asking to enable push notifications. If you have accidentally agreed, your browser will be flooded with various intrusive advertisements and pop-ups. You can get rid of them by following this quick guide:

Reset Safari

Remove Silver Sparrow malware from Google Chrome

Remove suspicious Chrome extensions

Change Start Page settings

Change default search settings

Remove push notifications from Chrome

If you want to get rid of the annoying ads and so-called push-notifications viruses, you must identify their components and clean your browser. You can easily remove ads from Chrome by following these steps:

Reset Google Chrome browser

Remove Silver Sparrow malware from Mozilla Firefox

Remove unwanted add-ons from Firefox

Change Firefox Homepage

Alter preferences in Firefox

Remove annoying push notifications from Firefox

Suspicious sites that ask to enable push notifications gain access to Mozilla’s settings and can deliver intrusive advertisements when browsing the Internet. Therefore, you should remove access to your browser by following these simple steps:

Reset Mozilla Firefox

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
