Author Topic: Silver Sparrow - Strange Mac Malware  (Read 73 times)

xairbusdriver

  • Storm
  • *****
  • Posts: 2686
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.14.4/WC 3.0.5
Silver Sparrow - Strange Mac Malware
« on: February 23, 2021, 03:40:47 pm »
The latest on the malware:

https://www.cnn.com/2021/02/21/tech/mac-mysterious-malware/index.html

https://arstechnica.com/information-technology/2021/02/new-malware-found-on-30000-macs-has-security-pros-stumped/

From the comments:
"For those wondering, from the external blog post there are two scripts written to disk that should indicate if you have it, the locations are: /tmp/agent.sh and ~/Library/Application Support/verx_updater/verx.sh"

This affects both Intel and M1 Macs.

A reader post at the end of that ARS article includes some additional files to look for. It has 340+ upvotes but that may not be enough to vouch for its credibility. There may even be some later posts negating these files' involvement. [rolleyes2] Still, looking for file names is extremely easy. [rockon]
  • ~/Library/._insu (empty file used to signal the malware to delete itself)
  • /tmp/agent.sh (shell script executed for installation callback)
  • /tmp/version.json (file downloaded from S3 to determine execution flow)
  • /tmp/version.plist (version.json converted into a property list)
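
A check for the file names listed in the post above, added here as an example; it is not from the thread or the linked articles. The function name `find_listed_files` and its two optional directory arguments are assumptions of the example; the paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: report whether any of the file names quoted in this thread
# exist. find_listed_files and its arguments are hypothetical names.
# Usage: find_listed_files [HOME_DIR] [TMP_DIR]
# Exit status: 0 if none of the listed files is present, 1 otherwise.
find_listed_files() {
    home_dir=${1:-$HOME}
    tmp_dir=${2:-/tmp}
    found=0
    # One path per line, so the space in "Application Support" is preserved.
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'FOUND    %s\n' "$path"
            # Owner, size and modification time help when triaging a hit.
            ls -ld "$path"
            found=$((found + 1))
        else
            printf 'absent   %s\n' "$path"
        fi
    done <<EOF
$home_dir/Library/._insu
$home_dir/Library/Application Support/verx_updater/verx.sh
$tmp_dir/agent.sh
$tmp_dir/version.json
$tmp_dir/version.plist
EOF
    [ "$found" -eq 0 ]
}
```

Run `find_listed_files` with no arguments to check the current user's home folder and `/tmp`; on a Mac with several accounts, call it once per home folder.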

Weatheraardvark

  • Gale
  • ****
  • Posts: 337
  • I hear tornado sirens, lets go climb on the roof
    • C0005
    • KIADESMI1
    • Des Moines Weather and Climate
  • Station Details: Davis VP2 Plus, Fars,Soil Moisture, Extra sensors
Re: Silver Sparrow - Strange Mac Malware
« Reply #1 on: February 23, 2021, 05:36:19 pm »
Do you use an anti-virus/malware item on your computer? On ours, my wife has Norton 365 and on mine Bitdefender Total Security, and so far neither of us has that problem. She is the one who uses her computer for her online teaching.
Davis VP2 Plus; 24h  FARS; Extra Temp Humid sensor (2); Extra Temp Station (2); Soil Moisture/Temp Station;Weatherlink IP;USB; MAC Big Sur; ;https://www.weatherlink.com/embeddablePage/show/1c484adbfa914d1aa10a58ad53ccd563/summary

xairbusdriver

Re: Silver Sparrow - Strange Mac Malware
« Reply #2 on: February 23, 2021, 05:53:25 pm »
Only thing I use is ClamXav. I doubt this "bird" is in its database yet. But it checks "home" every day to update itself. At least Apple has canceled the dev's Apple "veracity badge".

None of our Macs have any of these files. The one dedicated to WC rarely downloads anything. My wife's MBP is the only one I'm ever concerned about. OTOH, she has become much better at asking before downloading anything or clicking any links in emails. ThU5:-) [cheer]

Weatheraardvark

Re: Silver Sparrow - Strange Mac Malware
« Reply #3 on: February 23, 2021, 05:59:08 pm »
I have always had an antivirus/malware on my computers. Especially when I was uploading data to the internet, it provides a short opening when the data is sent. I doubt any of this is that sophisticated to rush in when rushing out is what should happen, such as trying to go in the out door at Walmart.

However, it is important to note that protection is always needed on Macs, although there is still a faction who are under the illusion that viruses/malware do not attack Macs, and they do and have always. The best medicine is not to download everything, to set the permissions on your computer to ask before downloading or letting any source do just that.

Yes, this is a biggie issue. I wonder though, was it introduced during the manufacture of the chip or in the operating system updates? My wife is still using Catalina on her aging MacBook Air. She hasn't let me upgrade it to Big Sur, and perhaps a good thing. It only has 4G of RAM.

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 5724
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, Mac mini (2018), macOS 10.14.3, WeatherCat 3
Thanks for posting. (Re: Silver Sparrow - Strange Mac Malware)
« Reply #4 on: February 23, 2021, 11:01:44 pm »
Dear X-Air, Weatheraardvark, and WeatherCat faithful,

The latest on the malware
. . . .

Thanks for sharing.  Unfortunately, the coders with black-hats have been watching Apple's move to its own processors and are indeed ahead of many legitimate developers.  It is another reason to be very cautious while surfing.  Alas, many of us are cooped up in the house and the temptation to pass the time on the web could easily get us into trouble.

Lucky me, I don't have this problem.  It may be February 23rd, but we are in another off-shore wind event and I have yard work to do. . . . .  [banghead]

Oh well, . . . . . Edouard