It propagates through iChat, and can cause applications to not work properly - but requires an administrator password (when not using an administrator account, and in some cases when logged as an administrator - see below) to enact its somewhat innocuous effects, making it a low-level threat.ĬlamXav virus definitions updated The free graphical front-end to ClamXav has been updated to include a virus definition for the Oompa-Loompa Trojan (OSX/Oomp-A).
#CLAMXAV OS X FOR MAC OS X#
While the malware didn’t deliver a hazardous payload to any of the infected Macs, it has the potential to do so if not cleaned off of those Macs.Earlier today we noted the discovery and description of a new piece of malware for Mac OS X dubbed the "Oompa-Loompa Trojan (OSX/Oomp-A)." Īs previously noted, the malware was posted as "latestpics.tgz" to a Mac rumors web site, claiming to be pictures of "Mac OS X Leopard" (an upcoming version of Mac OS X. To summarize, Silver Sparrow has been grounded by Apple and antivirus app publishers, but it did spread quickly.
We won’t repeat these here due to their length, but if you want to perform a manual check and cleansing and you’re comfortable with the Terminal app, here’s a link.
#CLAMXAV OS X HOW TO#
(version.json converted into a property list)Īrs Technica commenter “effgee” provided a detailed set of instructions on how to look for these files and clean up an infected Mac. (file downloaded from from S3 to determine execution flow) (shell script executed for installation callback) (empty file used to signal the malware to delete itself) Just be sure that the definition files for the virus checker are up to date.Ī Manual Method to Check For Infection and Delete Silver SparrowĪ Lifehacker post about Silver Sparrow describes four files that suggest your Mac might be infected with the malware: That’s a relief!Īny standard virus checker on your Mac - like the free version of Malwarebytes or ClamXAV - finds and destroys Silver Sparrow during a standard scan.
#CLAMXAV OS X INSTALL#
If you’re using the Mac’s default security settings, you’ll be unable to install the malware. Apple suspended the developer certificates used to sign the package files that start the infection. Tony LambertĪlthough Silver Sparrow is considered a serious threat, it’s not expected to spread much further.
Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later. Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice.
Red Canary says that “According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.”