Additional indicators and behaviors may be found within the references. According to SentinelOne, Silver Sparrow is likely selling itself as a mechanism to third-party affiliates or pay-per-install (PPI) partners, as is typically seen with commodity adware/malware. This analytic assists with identifying different types of macOS malware families establishing LaunchAgent persistence.

During installation of the update.pkg or updater.pkg file, the malicious software uses JavaScript to generate files and scripts on disk for persistence. These files later download an implant from an S3 bucket every hour. Silver Sparrow forces infected Macs to check a control server once per hour, and it includes a self-destruct mechanism, but researchers have yet to actually observe its malicious intent. To this date, no implant has been downloaded for malicious purposes.

The best chance of detecting it on macOS is to use Malwarebytes for Mac, which has now been updated to detect and remove it. It is cross-platform, covering both Intel and Apple M1 architectures. Silver Sparrow works as a dropper and uses typical persistence mechanisms on a Mac.
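An added example, not from the original page or its references: a Python triage heuristic for the LaunchAgent persistence described above, flagging agents that run an inline shell command on a one-hour interval. The sample plists, labels and paths are constructed, and the hourly-plus-shell rule is an assumption for illustration, not a Silver Sparrow signature.

```python
import plistlib
from xml.parsers.expat import ExpatError

SHELLS = {"sh", "bash", "zsh"}   # interpreters that accept an inline -c command
HOUR = 3600                      # launchd StartInterval is expressed in seconds

def review_launch_agent(plist_bytes):
    """Triage one LaunchAgent plist; 'suspicious' means hourly AND inline shell."""
    try:
        job = plistlib.loads(plist_bytes)          # handles XML and binary plists
    except (ValueError, ExpatError):
        return {"label": None, "findings": ["unparseable plist"], "suspicious": False}
    if not isinstance(job, dict):
        return {"label": None, "findings": ["not a job dictionary"], "suspicious": False}
    # launchd accepts either ProgramArguments (list) or Program (single path)
    args = [str(a) for a in job.get("ProgramArguments") or [job.get("Program", "")]]
    hourly = job.get("StartInterval") == HOUR
    inline_shell = args[0].rsplit("/", 1)[-1] in SHELLS and "-c" in args[1:]
    findings = []
    if hourly:
        findings.append("runs every hour (StartInterval 3600)")
    if inline_shell:
        findings.append("executes an inline shell command")
    if job.get("RunAtLoad"):
        findings.append("starts when the agent is loaded")
    return {"label": job.get("Label"), "findings": findings,
            "suspicious": hourly and inline_shell}

# Constructed samples (assumptions for this example, not real indicators)
SAMPLE_HOURLY = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/example/check.sh"],
    "RunAtLoad": True,
    "StartInterval": 3600,
})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"],
    "KeepAlive": True,
})

if __name__ == "__main__":
    for sample in (SAMPLE_HOURLY, SAMPLE_BENIGN, b"not a plist"):
        print(review_launch_agent(sample))
```

On a Mac, the same function can be fed the bytes of each file under `~/Library/LaunchAgents` and `/Library/LaunchAgents`; a hit is a lead for review, since legitimate updaters can also poll hourly.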