Go back to previous topic
Forum nameGeneral Discussion
Topic subjectNearly 30,000 Macs reportedly infected with mysterious malware
Topic URLhttp://board.okayplayer.com/okp.php?az=show_topic&forum=4&topic_id=13424756
13424756, Nearly 30,000 Macs reportedly infected with mysterious malware
Posted by c71, Sun Feb-21-21 01:24 PM
I'm only posting this because in the old Organix forum I posted an article on internet protection for computers and some Apple user got VERY smug........VERY smug

I wish he were around for this post. Really didn't like that guy.


Nearly 30,000 Macs reportedly infected with mysterious malware

By Alexis Benveniste, CNN Business

Updated 12:29 PM ET, Sun February 21, 2021

New York (CNN Business)Nearly 30,000 Macs world-wide have been infected with mysterious malware, according to researchers at security firm Red Canary.

The malware, which the company calls Silver Sparrow, does not "exhibit the behaviors that we've come to expect from the usual adware that so often targets macOS systems," Tony Lambert, an intelligence analyst at Red Canary wrote.

It's not clear what the malware's goal is. Silver Sparrow includes a self-destruct mechanism that appears to have not been used, researchers said. It's also unclear what would trigger that function.

Notably, Silver Sparrow contains code that runs natively on Apple's in-house M1 chip that was released in November, making only the second known malware to do so, according to the news site Ars Technica.

"Though we haven't observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat," researchers wrote.

Silver Sparrow infected Macs in 153 countries as of February 17, with higher concentrations reported in the US, UK, Canada, France and Germany, according to data from Malwarebytes, a website that blocks ransomware attacks.
13424759, Republicans and Democrats are the same
Posted by handle, Sun Feb-21-21 02:11 PM
Something like 7 billion malware attacks a year for PCs (Republicans)
30,000 malware attacks for Macs (Democrats)

So it’s equal.

I wonder if you’re being smug running to the Internet to post this????

Just a thought
13424760, ^ :'(
Posted by Nopayne, Sun Feb-21-21 02:37 PM
13424761, let me guess.............
Posted by c71, Sun Feb-21-21 02:40 PM

>30,000 malware attacks for Macs (Democrats)

uh.........I'm supposed to believe (echoes of the smug guy) that....

30,000 (the number cited in the article for THIS particular type of malware)....

....is the ONLY malware infection for Macs (no 30,000 plus ...anything?)

13424762, Some truths
Posted by handle, Sun Feb-21-21 03:07 PM
NO ONE who knows ANYTHING about the Mac ever said "Mac's can not get malware or viruses and you're 100% safe at all times."

What is true "Macs are targeted 1000s of times LESS with Malware and Macs have some built-in security measure that may help limit the severity of some common malware."

So yes, EVERYTIME a malware targets a Mac someone posts a similar thing "Mac users are smug, but look you ain't shit!! Hahaha you're exactly the same as everyone else - and we suck - so now you suck too - but you suck more because I thought you were smug."

No one says mac are INVULENARBLE. They just aren't targeted AS MUCH.

Same with the iPhone - we know the Pegasus spyware has been used to target political dissidents and journalism in Saudi Arabia and China - it's just not very common so it's not really a problem the average user will ever have.

More about virus/spyware/malware/adware on the mac:

If Macs started to outsell Windows the malware targeting would shift to the Mac.

All computers can be hacked - ALL of them.

Note: I am NOT a Mac user. I do own a PowerMac G4 that's in storage.
13424763, Posting a "told you so" to someone who's not even around anymore?
Posted by Boogie Stimuli, Sun Feb-21-21 03:22 PM
Are you hoping to encounter more "smug" apple users?

Craving that iTension in your life?

13424768, I didn't say he wasn't around anymore
Posted by c71, Sun Feb-21-21 06:15 PM
...was like a wish for him to identify himself in this post
13424795, Lol
Posted by Boogie Stimuli, Mon Feb-22-21 11:11 AM
>...was like a wish for him to identify himself in this post
13424764, VERY smug
Posted by Mynoriti, Sun Feb-21-21 03:29 PM
13424776, fuck all this bullshit...what do we DO?
Posted by Damali, Mon Feb-22-21 12:51 AM
how do we know if we have it or not?

y'all stay focused on the dumbest shit, i swear..


"But rest assured, in my luxurious house built on the backs of people darker than me, I am sipping fine scotch and scoffing at how stupid you are." - bshelly
13424778, I think MalwareBytes will detect and remove it
Posted by handle, Mon Feb-22-21 03:58 AM
No clear instructions yet, but here are files that indicate you have it


In Versions 1 & 2
~/Library/._insu (empty file used to signal the malware to delete itself)
/tmp/agent.sh (shell script executed for installation callback)
/tmp/version.json (file downloaded from from S3 to determine execution flow)
/tmp/version.plist (version.json converted into a property list)

Other versions
~/Library/Application Support/agent_updater/agent.sh (v1 script that executes every hour)
/tmp/agent (file containing final v1 payload if distributed)
~/Library/Launchagents/agent.plist (v1 persistence mechanism)
~/Library/Launchagents/init_agent.plist (v1 persistence mechanism)