What is Silver Sparrow
Silver Sparrow is a malicious program that aims to infect Mac computers. The security researchers found that this malware has two significantly different versions. Their key difference is the target Mac OS architecture. The activity of this malicious program has been recorded in various countries, but mainly in the United States, Canada, United Kingdom, Germany, and France. Security researchers have classified Silver Sparrow as backdoor. Backdoor is a type of malware that gives cybercriminals unauthorized access to a computer. Using this malware, attackers are able to control Mac computers, download and install other malicious software, and steal user’s personal data.
Silver Sparrow virus (variant 1) – detection names
As we said above, there are two variants of this malware. The first is designed in such a way as to infect Macs based on Intel processors (x86_64). The second variant of this virus infects the latest Mac computers based on M1 processors. The latter is newer and therefore less common. As mentioned above, this malware is a backdoor, but at the time of research, Silver Sparrow was not downloading any malware to the infected computer. It is not known exactly when the malware will activate, but it can happen at any time. Silver Sparrow has made in such a way that its code can be changed at any time. And more importantly, it uses Amazon AWS for malicious purposes. This malware is able to use this service to spread malware.
Silver Sparrow malware (variant 2)
Malware that has backdoor capabilities can spread different types of malicious programs. For example, ransomware, Trojans, adware, browser hijacker, potentially unwanted applications and spyware. The most dangerous is ransomware. Ransomware is a malicious program designed to encrypt a user’s files and demand ransom for decrypting them. Trojans are similar to backdoors and allow attackers to take control of infected computers. Adware is a form of malware that displays endless advertisements on an infected computer. Adware can also change browser settings and redirect the browser to misleading and malicious websites. To summarize, Silver Sparrow can potentially infect the computer with a variety of malicious programs, which can lead to theft of personal information, financial losses, device damage.
Silver Sparrow Mac Detection
After reading the above, you reasonably have a question: Does my Mac have Silver Sparrow? At the moment, security researchers have not figured out exactly what is the cause of this malware infection. But it is known for sure that more than 35 thousand computers are already infected. This indicates the rapid spread of this malware. Therefore, we advise you to scan your computer with MalwareBytes, which will perform a quick system scan and determine if your computer is infected or not. If malware is found, you can remove Silver Sparrow for free.
QUICK LINKS
Threat Summary
| Name | Silver Sparrow (updater.pkg malware) |
| Type | Mac malware, Mac trojan, password-stealing virus, Mac virus, banking malware, spyware, backdoor |
| Detection Names (variant 1) | Trojan.GenericKD.45772753, Trojan.OSX.Slisp.a!c, Trojan.OSX.Agent, OSX/Agent.smpwq, Trojan.ECUZ-6, Malware.OSX/Agent.smpwq, Mac/TrojanDownloader.Generic.HtcASPYA, Adware.MacOS.Slisp.A |
| Detection Names (variant 2) | OSX/Agent.BL, Malware.OSX/Agent.JR, Trojan.OSX.SilverSparrow, Adware.MacOS.Slisp.A, TrojanDownloader:MacOS/Slisp.A!MTB, HEUR:Trojan-Downloader.OSX.Slisp.a, TrojWare.Win32.UMal.hsmlx@0 |
| Symptoms |
|
| Removal | Silver Sparrow removal guide |
Update 3 March 2021
According to the latest information, Silver Sparrow is spread through adware and advertisements, as well as through the installation of certain programs. It is known that Silver Sparrow is created to distribute other malicious programs, but it is not yet known which ones. Another important detail has also become known, Silver Sparrow deletes itself when it finds a file named “._insu” in directory “~/Library“. It looks like this file is created if an infected computer is no longer of interest to cybercriminals.
How to remove Silver Sparrow from Mac computer (Malware removal guide)
Silver Sparrow is a form of malware that you might have difficulty in removing it from your Apple Mac. Thankfully, you’ve found the effective malware removal instructions in this blog post. Both the manual removal way and the automatic removal way will be provided below and you can just select the one that best for you. If you’ve any questions or need assist then type a comment below. Some of the steps below will require you to close this web site. So, please read the steps carefully, after that bookmark it or open it on your smartphone for later reference.
To remove Silver Sparrow, perform the steps below:
- Remove unwanted profiles on Mac device
- Remove Silver Sparrow related programs through the Finder
- Remove Silver Sparrow related files and folders
- Scan your Mac with MalwareBytes
- Remove Silver Sparrow from Safari, Chrome, Firefox
- How to stay safe online
Remove unwanted profiles on Mac device
Silver Sparrow and other malware can make changes to the MacOS such as malicious changes to browser settings, and the addition of malicious system profiles. You need to check the system preferences, find and remove malicious profiles and ensure your settings are as you expect.
Click Apple menu ( 
) > System Preferences.
In System Preferences, select Profiles. if there is no Profiles in the list of preferences, that means there are no profiles installed on the Mac. If there is Profiles in the list, then click on it, then select a profile associated with Silver Sparrow.
To delete a malicious profile, click on the minus button ( – ) located at the bottom-left of the Profiles screen.
Remove Silver Sparrow related programs through the Finder
The next step in uninstalling PUPs, browser hijackers and adware by yourself is to go into the Finder, then Applications. Take a look at the list of applications on your Mac device and see if there are any questionable and unknown software. If you see any, you need to uninstall it. Of course, before doing so, you can do an Internet search to find details on the application. If it is an adware, PUP and browser hijacker, you will likely find information that says so.
Open Finder and click “Applications”.
It will display a list of all applications installed on your MAC system. Scroll through the all list, and uninstall any suspicious and unknown programs. Right click to suspicious program and choose “Move to Trash”. Another solution is drag the application from the Applications folder to the Trash.
Most important, scroll through the all list, and move to trash any unknown applications. Don’t forget, choose Finder -> Empty Trash.
Remove Silver Sparrow related files and folders
Now you need to try to find Silver Sparrow related files and folders, and then delete them manually. You need to look for these files in certain directories. To quickly open them, we recommend using the “Go to Folder…” command.
Click on the Finder icon. From the menu bar, select Go and click “Go to Folder…”. As a result, a small window opens that allows you to quickly open a specific directory.
Check for Silver Sparrow generated files in the /Library/LaunchAgents folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchAgents
This will open the contents of the “/Library/LaunchAgents” folder. Look carefully at it and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files: com.machelper.plist, search.plist, macsearch.plist and installapp.plist. Most often, adware software, potentially unwanted programs and browser hijackers create several files with similar names.
Check for Silver Sparrow generated files in the /Library/Application Support folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/Application Support
This will open the contents of the “Application Support” folder. Look carefully at its contents, pay special attention to recently added/changed folder. Move all suspicious folders to the Trash.
Check for Silver Sparrow generated files in the “~/Library/LaunchAgents” folder
In the “Go to Folder…” window, type the following text and press Go:
~/Library/LaunchAgents
Proceed in the same way as with the “/Library/LaunchAgents” and “/Library/Application Support” folders. Look for suspicious and recently added files. Move all suspicious files to the Trash.
Check for Silver Sparrow generated files in the /Library/LaunchDaemons folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchDaemons
Carefully browse the entire list of files and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files to be deleted: com.installapp.plist, com.macsearch.plist, com.search.plist, com.machelper.plist. In most cases, browser hijackers, adware software and potentially unwanted programs create several files with similar names.
Scan your Mac with MalwareBytes
We recommend using MalwareBytes Anti-Malware to scan the Mac computer for browser hijackers, adware and PUPs. This free tool is an advanced malicious software removal application designed by (c) Malwarebytes lab. This program uses the world’s most popular anti malware technology. It’s able to help you delete Silver Sparrow malware, ransomware and other security threats from your Mac device for free.
- Installing the MalwareBytes Anti-Malware (MBAM) is simple. First you’ll need to download MalwareBytes AntiMalware on your Windows Desktop by clicking on the following link.
Malwarebytes Anti-malware (Mac)
20841 downloads
Author: Malwarebytes
Category: Security tools
Update: September 10, 2020
- When the downloading process is done, please close all programs and open windows on your MAC. Run the downloaded file. Follow the prompts.
- The MalwareBytes Free will launch and display the main window.
- Further, click the “Scan” button to detect the Silver Sparrow malware. Depending on your MAC system, the scan can take anywhere from a few minutes to close to an hour. While the tool is scanning, you can see how many objects and files has already scanned.
- When finished, MalwareBytes AntiMalware (MBAM) will display a list of all items detected by the scan.
- Make sure to check mark the threats which are unsafe and then press the “Remove Selected Items” button.
- Close the Anti-Malware and continue with the next step.
Remove Silver Sparrow from Safari, Chrome, Firefox
If you are still getting unwanted ads and browser redirects, then you can try to get rid of it by removing malicious extensions.
 Google Chrome |
 Mozilla Firefox |
|---|---|
You can also try to disable Silver Sparrow associated extensions by reset Google Chrome settings. |
If you are still experiencing issues with Silver Sparrow malware removal, you need to reset Firefox browser. |
 Safari |
|
|
How to stay safe online
The AdGuard is a very good adblocker application for the Firefox, Safari and Google Chrome, with active user support. It does a great job by removing certain types of unwanted ads, popunders, popups, intrusive newtab pages, and even full page ads and webpage overlay layers. Of course, the AdGuard can block malicious web-pages automatically or by using a custom filter rule.
Please go to the link below to download AdGuard.
3677 downloads
Author: © Adguard
Category: Security tools
Update: January 17, 2018
When the download is finished, start the downloaded file. You will see the “Setup Wizard” screen. Follow the prompts.
Each time, when you launch your Apple Mac, AdGuard will launch automatically and stop intrusive ads, block malicious and misleading web sites.
To sum up
Now your computer should be clean of the Silver Sparrow malware. We suggest that you keep AdGuard (to help you stop unwanted pop up ads and unwanted harmful web-pages) and MalwareBytes AntiMalware (to periodically scan your computer for new adwares and other malicious software).
If you are still having problems while trying to remove malware from Mac, then ask for help here here.
I just scanned my Mac, the recommended antivirus (malwarebytes) didn’t find anything. Can I be sure that the Silver Sparrow malware is not on my Mac computer?