13424778, I think MalwareBytes will detect and remove it Posted by handle, Mon Feb-22-21 03:58 AM
No clear instructions yet, but here are files that indicate you have it
https://redcanary.com/blog/clipping-silver-sparrows-wings/
In Versions 1 & 2 ~/Library/._insu (empty file used to signal the malware to delete itself) /tmp/agent.sh (shell script executed for installation callback) /tmp/version.json (file downloaded from from S3 to determine execution flow) /tmp/version.plist (version.json converted into a property list)
Other versions ~/Library/Application Support/agent_updater/agent.sh (v1 script that executes every hour) /tmp/agent (file containing final v1 payload if distributed) ~/Library/Launchagents/agent.plist (v1 persistence mechanism) ~/Library/Launchagents/init_agent.plist (v1 persistence mechanism)
|