Macs powered by Apple’s own M1 processors are only a couple of months old – but that’s not stopping malicious actors from crafting new breeds of malware. You have probably heard about "Silver Sparrow," a new type of malware that affects both Intel and M1 Macs, finding its way to around 30,000 computers already. With that said, it's time to talk about how to find and remove "Silver Sparrow" and make your Mac once again safe to use.
In case you believe that this new malware breed has already found its way to your Mac, there's nothing to worry about. Cyber-sec researchers identified "Silver Sparrow" in time, before it managed to evolve enough to distribute its payload. However, removing it is imperative nonetheless, so here's everything you need to know.
How to Remove "Silver Sparrow" From Your Mac
Right now, there are several reliable methods to find and remove "Silver Sparrow" from your Intel- or M1-based Mac. Let's go over all of those.
Method 1: How to Manually Remove "Silver Sparrow" From Your Mac
Considering that cybersecurity researchers have discovered common infection points, it’s possible to remove this malware strain manually. You need to do the following.
- Using Finder, you will need to inspect a series of folders and check whether they're present on your system. If they are, you need to remove them and then empty macOS' 'Trash' folder as well.
- Open the 'Applications' folder and search for apps named 'Updater.app' or 'Tasker.app.' If you see those, make sure to remove them by dragging-and-dropping them into the 'Trash' folder.
- Then, navigate to '~/Library/._insu.' The '._insu' file is an empty file used to signal the malware to delete itself. Feel free to remove that file from your Library folder.
- Then, click on 'Go' using macOS’ menu bar, and select 'Go To Folder.' Type in '/tmp/' and press 'Enter' to open this folder. First, check whether there's a file named 'agent.sh,' a script executed for the malware's installation callback.
- Also, check if there’s a file labeled 'version.json,' a file that "Silver Sparrow" downloads from S3 to determine execution flow.
- And lastly, check for a file labeled 'version.plist.' If you find it, feel free to remove it, and don't forget to remove it from your 'Trash' folder as well. That's it!
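The manual checks above can also be run from Terminal. The script below is an added example, not part of the original article or of any vendor tool: it only reports which of the listed paths exist and deletes nothing. The function names and the ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only check for the artifacts named in the manual steps.

# list_silver_sparrow_artifacts ROOT HOME_DIR
#   ROOT     - prefix for system paths: "" on a live Mac, or the mount point
#              of a backup or test directory (assumed parameter)
#   HOME_DIR - home directory of the user to inspect
# Prints one line per artifact found: "<path><TAB><description from the article>".
list_silver_sparrow_artifacts() {
    root=$1
    home_dir=$2
    # path|description pairs, taken from the manual-removal list
    while IFS='|' read -r path desc; do
        [ -n "$path" ] || continue
        # -e matches files and .app bundles (directories); -L catches dangling symlinks
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\t%s\n' "$path" "$desc"
        fi
    done <<EOF
$root/Applications/Updater.app|app named in the article
$root/Applications/Tasker.app|app named in the article
$home_dir/Library/._insu|empty file that signals the malware to delete itself
$root/tmp/agent.sh|script executed for the installation callback
$root/tmp/version.json|file downloaded from S3 to determine execution flow
$root/tmp/version.plist|file listed in the article
EOF
}

# count_silver_sparrow_artifacts ROOT HOME_DIR -> prints how many artifacts exist
count_silver_sparrow_artifacts() {
    list_silver_sparrow_artifacts "$1" "$2" | wc -l | tr -d ' '
}

# Live check of this machine (the fallback path only avoids an empty HOME)
found=$(count_silver_sparrow_artifacts "" "${HOME:-/nonexistent}")
if [ "$found" -gt 0 ]; then
    echo "Found $found artifact(s) from the article's list:"
    list_silver_sparrow_artifacts "" "${HOME:-/nonexistent}"
else
    echo "None of the artifacts from the article's list were found."
fi
```

Any path it prints can then be removed as described in the steps above.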
Method 2: How to Remove "Silver Sparrow" using CleanMyMac
Next, we will advise you to use an application named CleanMyMac. This is a highly popular maintenance-focused app that takes proper care of your macOS. As it turns out, it also has an antivirus built-in, and yes, it can remove "Silver Sparrow" from your Mac.
- First, go ahead and download CleanMyMac from its website. Make sure to download the latest available version, which also comes optimized for M1 Macs. And also, you can use it free of charge, even to remove this new malware breed.
- Then, install and launch the application. Once you open it and see its home screen, click on 'Malware Removal' using the left-placed sidebar. Press 'Scan.'
- The application will ask to install its 'helper' tool (required by macOS), so feel free to input your password and click on 'Install Helper.'
- CleanMyMac will now scan your computer, which can take a while. If any threats are detected, you will see them once the scan completes. If you use the full version of CleanMyMac, press the 'Remove' button. And if you use the free version, click on 'Review Details.'
- The full version of the application will now automatically remove any identified malware on your computer. And if you use the free version, you need to select 'Silver Sparrow,' click on 'Remove Manually,' and then select 'Remove' in the top-right corner. That's it!
Method 3: How to Remove "Silver Sparrow" Using Malwarebytes
It doesn’t come as a surprise to know that Malwarebytes can remove this new type of malware. For that purpose, you need to use this antivirus, which comes free of charge (as a 14-day trial). These are the steps you need to take.
- First, download Malwarebytes for Mac from its website. Use the provided link and then click on 'Free Download.' Once you have the installation file on your Mac, double-click on it and go through the required installation steps.
- Launch Malwarebytes and go through its initial set-up. You don’t have to buy the antivirus, as you’ll get its 14-day trial (enough to scan and remove "Silver Sparrow"). Also, make sure to select 'Personal Computer' when setting-up the antivirus.
- Once you get to the application’s home screen, click on 'Scan.' Malwarebytes will now scan your system, letting you know if it detects any type of malware. If it does, you will be asked to remove it automatically. That’s it!
Is There a Way to Know If Your Mac Is Infected by "Silver Sparrow?"
It’s important to understand that "Silver Sparrow" was caught and identified early. Cyber-sec researchers at Red Canary were the first ones to come across this strain of malware. It didn't take long for the team to unveil technical details of this malware, including how "Silver Sparrow" reaches and infects macOS computers.
As you can see above, there are several methods to remove "Silver Sparrow," letting you check whether your device has been infected. However, keep in mind that this malware comes via software packages, often downloaded from the Internet. With that said, try to think about whether you’ve recently downloaded or installed something that you didn’t intend to.
Perhaps a website asked you to download software for your Mac, or maybe an update for one of your installed apps? If you ended up with a file named "update.pkg" or "updater.pkg," the chances are that you’ll encounter "Silver Sparrow" on your Mac.
What Can "Silver Sparrow" Do to a Mac? Is It a Serious Threat?
As noted by Red Canary, this new type of malware comes as a "reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice." Since this malware has been identified early, it never reached its full potential, which tells us a few things.
First, that means that "Silver Sparrow" is an inactive malware breed (at least for the moment). Cybersecurity researchers are still waiting for any further development that would help them assess the malware’s intentions. Therefore, it also means that we don’t know the purpose of this malware (or whether it was designed to steal specific types of information).
We should also note that Apple has revoked the certificates of the developer accounts used to sign the malicious packages. That means that the chances of your Mac getting infected are very slim right now.
How Widespread Is "Silver Sparrow?" Can You Get Infected Easily?
As per Malwarebytes' report, this antivirus detected components of "Silver Sparrow" on around 39,000 unique machines. The majority of those come from the United States, but other countries are affected as well, as you can see below.
|Country||Number of Detections|
Up until a few days ago, just about anyone could get infected by "Silver Sparrow." However, now that we know more about this breed of malware, and considering that Apple has stopped its spread, your chances of getting infected are slim.
That would be all on how to find and remove "Silver Sparrow" from your Mac. If you have any questions or doubts, know that you can always post a comment below. Lastly, thanks for reading!