At the beginning of February, Red Canary a cyber security organization came across previously unknown malware that has affected over 30,000 macs around the world. Red Canary dubbed the malware, Silver Sparrow. The curious thing about this string of malware is that no one seems to be able to figure out what it actually does. To date there aren’t any cases of a user reporting problems that could specifically be tied to Silver Sparrow.
The good news? Locating these malware files on your computer is pretty easy. Below are the current file path’s that have been discovered by Red Canary where one may find these files:
~/Library/._insu (empty file used to signal the malware to delete itself)
/tmp/agent.sh (shell script executed for installation callback)
/tmp/version.json (file downloaded from from S3 to determine execution flow)
/tmp/version.plist (version.json converted into a property list)
Advisory is actively monitoring Silver Sparrow and working with our clients to ensure that they don’t fall victim. To learn more, check out Red Canary’s blog post on Silver Sparrow.