Apple has just pushed two updates, to the data files used by XProtect, bringing its version number to 2141 dated 4 March 2021, and to its malware removal tool MRT, bringing it to version 1.75, also dated 4 March 2021.

Apple doesn’t release information about what these updates add or change, and now obfuscates the identities of malware detected by XProtect using internal code names.

Changes found in the XProtect Yara definitions include removal of the signature for MACOS.7ef4bab (AdLoad variants, which had only been added in version 2140) and addition of those for MACOS.2afe6bd, MACOS.b5bd028 and MACOS.d98ded3.

Update: Phil Stokes has corrected my original list, and identified these three additions as being AdLoad (MACOS.2afe6bd), Bundlore (MACOS.b5bd028), and Genieo, MaxOfferDeal (MACOS.d98ded3).

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan, Sierra, High Sierra, Mojave, Catalina and Big Sur, available from their product page.

If your Mac has not yet installed this update, you can force an update using SilentKnight, LockRattler, or at the command line.

I have updated the reference pages here, which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

I am grateful to Phil Stokes at Sentinel Labs for decoding the obfuscated malware names here.

The last time these two were updated, you mentioned that neither addresses the “Silver Sparrow” malware. I’m betting that these two don’t either, although Apple has neutralized it.

There’s an old saying among American investors: “Beware the railroad analyst who can tell you the number of ties between Chicago and New York, but not when to sell Penn Central.”

Or to use another metaphor, sometimes we need to see the forest through the trees.

The “Silver Sparrow” malware discussion, such as it is, brings these to mind. There are a number of detailed analyses about how it works - and the primary point of interest/sex appeal seems to be that it contains native Apple Silicon binaries - but none revealing how you get it in the first place.

Don’t get me wrong - I love to learn about how malware works. It’s fascinating.

But lost in all the analyses is any explanation, or even educated speculation, of how the malware packages (in the case of “Silver Sparrow,” the prosaically named ‘updater.pkg’ and ‘update.pkg’) end up on Macs in the first place.

And some of the wording is a bit odd, e.g.: “Based on data from Malwarebytes, the malware dubbed Silver Sparrow by researchers at Red Canary, has so far landed on 29,139 macOS machines across 153 countries…” “Landed on” Macs? They make it sound like the Sparrow flew down from outer space of its own volition.

Also, it is amazing to me that Malwarebytes can specify the number of Macs infected so precisely. On 2/23/21 the company upped that claim to a total of 39,080, including 25,331 in the United States.

And then, astonishingly, it claimed that “…we do not know how these files were delivered to the user.” (Do they publish their methodology?) Really? Of nearly 40,000 infections, Malwarebytes can’t say how even a SINGLE ONE was “delivered” to a user? And neither, apparently, can any other Mac security company? (We’re also the world leader in COVID infections - is there a pattern here?)
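As an added example (not code from the original post, nor from SilentKnight or LockRattler), here is the post's "has the update installed?" check done from the command line: it reads CFBundleShortVersionString from the XProtect and MRT bundles and compares them against the 2141 and 1.75 the post cites. The bundle paths under /Library/Apple are assumed to be the Catalina-and-later layout, and the sample plist is constructed so the parser can be exercised on any system.

```shell
#!/bin/sh
# Added example, not code from the original post: check whether the XProtect
# and MRT data files on this Mac are at least the versions the post cites
# (2141 and 1.75) by reading CFBundleShortVersionString from each Info.plist.
# The bundle paths assume the Catalina-and-later layout under /Library/Apple.
XPROTECT_PLIST="/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist"
MRT_PLIST="/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist"

# Extract the <string> that follows the CFBundleShortVersionString key from an
# XML plist; plain tr/sed so it also runs on a plist copied to another system.
plist_short_version() {
    tr -d '\n' < "$1" |
    sed -n 's/.*<key>CFBundleShortVersionString<\/key>[[:space:]]*<string>\([^<]*\)<\/string>.*/\1/p'
}

# Succeed (exit 0) when dotted version $1 >= $2, comparing numeric components
# left to right: 2141 >= 2140, 1.75 >= 1.9 (75 > 9), but 1.74 < 1.75.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$2" ]
}

# Report one bundle: 0 = current, 1 = older than expected, 2 = plist not found.
report_bundle() {   # usage: report_bundle NAME PLIST EXPECTED_VERSION
    if [ ! -r "$2" ]; then
        echo "$1: $2 not readable (not macOS, or an older layout)"
        return 2
    fi
    installed="$(plist_short_version "$2")"
    if version_ge "$installed" "$3"; then
        echo "$1: $installed is current (expected at least $3)"
        return 0
    fi
    echo "$1: $installed is older than $3; force the update with" \
         "'sudo softwareupdate --background-critical' or SilentKnight/LockRattler"
    return 1
}

# Constructed sample plist (version 2140) so the parser runs on any system.
sample="${TMPDIR:-/tmp}/xprotect_sample_$$.plist"
cat > "$sample" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>CFBundleShortVersionString</key>
    <string>2140</string>
</dict></plist>
EOF
report_bundle "XProtect (sample plist)" "$sample" 2141 || :
rm -f "$sample"
report_bundle "XProtect" "$XPROTECT_PLIST" 2141 || :
report_bundle "MRT" "$MRT_PLIST" 1.75 || :
```

On a Mac the last two lines report the real bundles; elsewhere they report the plist as not readable and only the constructed sample is checked.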