![]() ![]() ![]() I was pretty shocked to find that one computer reported the existence of two of the files. ![]() ![]() I created an Extension Attribute that looked for the existence of these files, not really expecting to find anything. "/Users/$user/Library/Launchagents/init_ist" "/Users/$user/Library/Application Support/verx_updater" "/Users/$user/Library/Application Support/verx_updater/verx.sh" "/Users/$user/Library/Application Support/agent_updater/agent.sh" The files to look for, it seemed, were these: "/Applications/tasker.app" Threads appeared on Jamf Nation (such as this one) and Slack discussing the malware and how to detect it. We first learned of Silver Sparrow through news articles and this fantastic breakdown by Red Canary. That being said, it could have been much worse and it is always a good idea to examine security policies in the wake of events like this. Additionally, Mac’s Gatekeeper and XProtect services jumped on the malware very quickly, preventing it from running. All the headlines make it seem scary, but the truth is that the malware doesn’t actually have a payload. I will preface this by saying that I think that the hype about Silver Sparrow has been overblown. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |