How To

How to Find & Remove the New “Silver Sparrow” Malware Affecting Intel & M1 Macs

By Novak Bozovic

Macs powered by Apple’s own M1 processors are only a couple of months old – but that’s not stopping malicious actors from crafting new breeds of malware. You have probably heard about "Silver Sparrow," a new type of malware that affects both Intel and M1 Macs, finding its way to around 30,000 computers already. With that said, it's time to talk about how to find and remove "Silver Sparrow" and make your Mac once again safe to use.

In case you believe that this new malware breed has already found its way to your Mac, there's nothing to worry about. Cyber-sec researchers had identified "Silver Sparrow" on time - before it managed to evolve enough to distribute its payload. However, removing it is imperative nonetheless, so here's everything you need to know. 

How to Remove "Silver Sparrow" From Your Mac

Right now, there are several reliable methods to find and remove "Silver Sparrow" from your Intel- or M1-based Mac. Let's go over all of those.

Method 1: How to Manually Remove "Silver Sparrow" From Your Mac

Considering that cybersecurity researchers have discovered common infection points, it’s possible to remove this malware strain manually. You need to do the following. 

  • Using Finder, you will need to inspect a series of folders and check whether they're present on your system. If they are, you need to remove them and then empty macOS' 'Trash' folder as well. 
  • Open the 'Applications' folder and search for apps named 'Updater.app' or 'Tasker.app.' If you see those, make sure to remove them by dragging-and-dropping them into the 'Trash' folder.
  • Then, navigate to '~/Library/._insu.' The 'insu' file is an empty file used to signal the malware to delete itself. Feel free to remove that file from your Library folder. 
  • Then, click on 'Go' using macOS’ menu bar, and select 'Go To Folder.' Type in '/tmp/' and press 'Enter' to open this folder. First, check whether there's a file named 'agent.sh,' a script executed for the malware's installation callback. 
  • Also, check if there’s a file labeled 'version.json,' a file that "Silver Sparrow" downloads from an S3 to determine execution flow. 
  • And lastly, check for a file labeled 'version.plist.' If you find it, feel free to remove it, and don't forget to remove it from your 'Trash' folder as well. That's it!

Method 2: How to Remove "Silver Sparrow" using CleanMyMac

Next, we will advise you to use an application named CleanMyMac. This is a highly popular maintenance-focused app that takes proper care of your macOS. As it turns out, it also has an antivirus built-in, and yes, it can remove "Silver Sparrow" from your Mac. 

  • First, go ahead and download CleanMyMac from its website. Make sure to download the latest available version, which also comes optimized for M1 Macs. And also, you can use it free of charge, even to remove this new malware breed. 
  • Then, install and launch the application. Once you open it and see its home screen, click on 'Malware Removal' using the left-placed sidebar. Press 'Scan.'
CleanMyMac X Malware Removal Tool
  • The application will ask to install its 'helper' tool (required by macOS), so feel free to input your password and click on 'Install Helper.'  
  • CleanMyMac will now scan your computer, which can take a while. If any threats are detected, you will see them once the scan completes. If you use the full version of ClearMyMac, press the 'Remove' button. And if you use the free version, click on 'Review Details.' 
CleanMyMac Malware Silver Sparrow Identified
  • The full version of the application will now automatically remove any identified malware on your computer. And if you use the free version, you need to select 'Silver Sparrow,' click on 'Remove Manually,' and then select 'Remove' in the top-right corner. That's it!

Method 3: How to Remove "Silver Sparrow" Using Malwarebytes

It doesn’t come as a surprise to know that Malwarebytes can remove this new type of malware. For that purpose, you need to use this antivirus, which comes free of charge (as a 14-day trial). These are the steps you need to take. 

  • First, download Malwarebytes for Mac from its website. Use the provided link and then click on 'Free Download.' Once you have the installation file on your Mac, double-click on it and go through the required installation steps. 
  • Launch Malwarebytes and go through its initial set-up. You don’t have to buy the antivirus, as you’ll get its 14-day trial (enough to scan and remove "Silver Sparrow"). Also, make sure to select 'Personal Computer' when setting-up the antivirus. 
MalwareBytes for Mac Home Screen
  • Once you get to the application’s home screen, click on 'Scan.' Malwarebytes will now scan your system, letting you know if it detects any type of malware. If it does, you will be asked to remove it automatically. That’s it!
MalwareBytes Mac Scan in Progress

Is There a Way to Know If Your Mac Is Infected by "Silver Sparrow?"

It’s important to understand that "Silver Sparrow" was caught and identified early. Cyber-sec researchers at Red Canary were the first ones to come across this strain of malware. It didn't take long for the team to unveil technical details of this malware, including how "Silver Sparrow" reaches and infects macOS computers. 

As you can see above, there are several methods to remove "Silver Sparrow," letting you check whether your device has been infected. However, keep in mind that this malware comes via software packages, often downloaded from the Internet. With that said, try to think whether you’ve downloaded or installed something lately that you didn’t intend?

Perhaps a website asked you to download software for your Mac, or maybe an update for one of your installed apps? If you ended up with a file named "update.pkg" or "updater.pkg," the chances are that you’ll encounter "Silver Sparrow" on your Mac. 

More on Mac Malware

What Can "Silver Sparrow" Do to a Mac? Is It a Serious Threat? 

As noted by Red Canary, this new type of malware comes as a "reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment's notice." Since this malware has been identified early, it never reached its full potential, which tells us a few things. 

First, that means that "Silver Sparrow" is an inactive malware breed (at least for the moment). Cybersecurity researchers still wait on any further development, helping them assess the malware’s intentions. Therefore, it also means that we don’t know the purpose of this malware (or whether it was designed to steal specific types of information). 

We should also note that Apple has revoked the certificates of the developer accounts used to sign the malicious packages. That means that the chances of your Mac getting infected are very slim right now.

How Widespread Is "Silver Sparrow?" Can You Get Infected Easily?

As per Malwarebytes' report, around 39,000 unique machines were detected by this antivirus, containing components of "Silver Sparrow." The majority of those come from the United States, but other countries are affected as well, as you can see below.

Country Number of Detections
United States 25,331
United Kingdom 2,785
Canada 2,389
France 2,218
Germany 920
Italy 636
Australia 509
Spain 368
India 306
Mexico 196

Up until a few days ago, just about anyone could get infected by "Silver Sparrow." However, now that we know more about this breed of malware, and considering that Apple has stopped its spread, your chances of getting infected are slim. 

That would all on how to find and remove "Silver Sparrow" from your Mac. If you have any questions or doubts, know that you always post a comment below. Lastly, thanks for reading!

Add a Comment

Latest
Streaming
How to Watch Interior Design Masters Season 4 Online from Anywhere
Ipsita Kabiraj - 0
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
Read more
Streaming
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
TechNadu Staff - 0
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
Read more
Streaming
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
TechNadu Staff - 0
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
Read more

© TechNadu 2023. All Rights Reserved.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari