About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Home » Industry Watch

Silver Sparrow Media Coverage

Make it easy on yourself. No more bending over for Auntie Tim.

Get It

Try It

Now that we've all seen that there's something called 'Silver Sparrow' owning Apple fanboys...

Red Canary did an excellent coverage of it, and we followed with a simple 'pimp' of their piece with a few further bits of advice, a blast from the past, and spurious asides.

Yes, this could be dangerous going forward. And yes, this is yet another reason why fully controlled and open source operating systems are the only way to go.

(No one could have dreamt twenty years ago that Apple would double-cross the open source community as they did. At least we didn't - ten years ago is different.)

Anyway. Now that we know, now that we should be prepared for the next step, here are a few reflections on how the media covered Silver Sparrow.


But first, before we begin, a reminder that there are a few more ways to protect yourself from Silver Sparrow short of cashing in your Apple box for a safer and fully open source system. Those 'more ways' are CLIX and Tracker. And perfectly adequate versions of CLIX and Tracker are available for free with the ACP Test Drive, linked through every menu bar on this site.

What does CLIX do?

This is easy to grok. CLIX stands for Command Line Interface for OS X. You're running command line commands through a graphical interface. There's a dedicated CLIX command file for Silver Surfer linked at the end of this article.

What does Tracker do?

What does Tracker do? Tracker tracks. It tracks all disk activity. It sees and logs which files have been added, which files have been modified, even which files have been merely accessed.

The command-line find can do a bit of this as well, but not nearly with the same level of panache, and certainly not with the file management capabilities of Tracker which is fully integrated with the other file management utilities in the Test Drive.

And why would you use Tracker? To make sure you see what downloads are doing to your computer. Silver Sparrow or whatever the next variant is called... People will try sneaky stuff, and Tracker gives you a fighting chance to cope. There's no other utility like it anywhere.

So have a look and download the Test Drive today. And make a practice of using CLIX to add to your skillset, and make a practice of using Tracker to track all your downloads - DMG, ZIP, whatever - just to be sure.

Some 30,000 witnits didn't.


Now onto our topic. For this is a good one. This review does not specifically target Apple shills or media shills in general, even though we all know they exist. It might be Rob Enderle trying to smear Apple, or it might be Macworld trying to smear critics of Apple: we know they exist.

No, this piece is instead a review of just how utterly dumb journalists can be. And it's not really specific to IT, as most know by now. Journalists in general are getting cheaper and cheaper.

Did you know, as an example, that they teach ethics in journalism schools? Now why on earth would they need to do that? And that's a rhetorical question of course. Having watched the media watch world events for more than ten years, our verdict is in at any rate.

So what did the media say about Silver Sparrow? News of Silver Sparrow broke some days ago, and once again it's given the media a lot of copy. As when for example Steve Jobs decided to come out with a computer that looked like a desk lamp. A simple photo would have been enough. But TIME put the thing on a cover. And so forth.

What did the media write this time, for Silver Sparrow?

The short answer: nothing of relevance. If you saw our piece, and that piece encouraged you to study the piece by Red Canary, then you know all you need to know. Reading anything else from the hundreds of pieces the media put out will net you absolutely nothing.

But reviewing what they wrote and did not wrote might offer insight and not just a bit of amusement.

Here we go. At last.


We begin with an otherwise respected rag that now uses the opportunity to - pimp shiteware?



Do not, repeat do not, get or even think of downloading any of these 'clean' apps. They're all shit. Shame on Forbes for doing this. We've seen this going on since the 1990s, first on Windows, something we called the 'rainmakers' and the 'carpetbaggers'. They come in droves. The apps can have rather fancy appearances but under the hood they're just lawnmower single-cylinder. Those interfaces are often drastic attempts to dumb things down to a level you mightn't even have realised existed - and that tells you a lot of how they regard you.

What did Mark Zuckerberg call his duped users? Dumbfucks, wasn't it?

So the only question here is how much Forbes writer Mark Sparrow (gee what a coincidence) got paid for this tripe. An additional question might be:

'What do you make of a vendor who thinks it's OK to bribe people in the media?'

Anyway. Moving on. Forbes crashed and burned.

[And if you're still not convinced, wait until the end of this article.]

Hacker News

This could potentially be one of the better ones.


'The Mach-O compiled binaries don't seem to do all that much.'

You can't run a disassembler on them? You can't run a strings tool or utility on them?

'Adding to the mystery, the x86_64 binary, upon execution, simply displays the message 'Hello, World!' whereas the M1 binary reads 'You did it!''

Yeah that's a real mystery. But there is a bit more info here, so the two minutes you need may be worth it.


This one needs tearing apart. It's written by Michael Simon. He's their executive editor. The headline is already rich.

30K Macs are infected with 'Silver Sparrow' virus and no one knows why


What did you want to know about 'why', Michael? And it's not a fucking virus, you dweeb.

Let's detour a bit.


A virus is something in the computer world that attaches itself to executable code. (This is tricky shit.) You have to jump into the executable image and redirect control flow. You have to get your own code to run before the actual code runs.

This can also be used to corrupt boot sectors. Boot sector viruses are infamous on Microsoft systems. Boot sectors contain executable code, so it's fair game.

Here's the kicker. It's only Microsoft systems (in the modern age) that are susceptible to viruses, because it's only Microsoft systems (and legacy Apple systems from the 1990s) that can't protect their boot sectors and executable images.

But that's only for viruses. There are lots of other types of malware, goodness yes. There's the trojan, which, as its name hints, is something that pretends to be doing one thing but is actually doing another.

Then of course we have the worm which is a self-propagating thing.

Worms are not viruses and trojans aren't either. And Silver Sparrow is not a virus. OK?


'Apple has since revoked the developer certificates that allowed the virus to propagate and says new machines can no longer be infected.'

That's simply not true, and anyone familiar with Apple systems knows that.

At the very best, Apple can make it difficult for the thing to run, but Silver Sparrow can always run, and, using technologies similar to what we developed here, it can fix things so there isn't a difficulty at all. All Apple are trying here is a bit of marketing/PR damage control.

'While the virus doesn't appear to have any malicious intent...'

Oh really, Michael? Incursion onto someone's computer isn't malicious?

Whatever. What's interesting here is learning how this thing is being propagated, who the dumbfucks are who run this stupid thing, and how to clean up once it's hit. And we covered the advice of Red Canary in the previous piece.

And oh Michael: a sub-header like this simply makes you look stupid. As in clueless.

'Someone planted malware that has no point.'

The same might otherwise be said about Macworld journalism. But you knew that.



PCMag falls into the same stupid trap as Macworld.

'In so doing, it prevents new macOS machines from being infected.'

No it does not. This can be agreed with:

'Silver Sparrow is being taken very seriously because of how successful it has already been at quietly infecting over 30,000 Macs around the world.'

The 'quietly' is important.


Why cover Mashable? Because they publish things. That stupid people frequent.


'The other is compiled specifically for Apple's new M1 chipset.

The other is a UNIVERSAL BINARY. Not specifically for the M1.

'New Macs are prevented from being infected.'

Again, that's bullshit. Count on journos to spread this, because journos are clueless and don't give a shit.

This piece of potential TP goes further than the rest, perhaps expected.

'Apple says that any software downloaded outside of the Mac App Store uses technical mechanisms (including its notary service) to detect malware and then block it so that it can't run.'

'Technical mechanisms'? Oh boy.

So maybe they're only quoting Apple, and that does sound like Apple marketing talking, but journos are supposed to question, not just parrot.

Mashable's Brenda Stolyar winds up with this mouthful.

'Two different types of malware detected in the three months since the new line's release is still a bit concerning.'

News AU

Jack Gramenz puts his foot (several feet) in it already in the header.

Mac computer users warned Silver Sparrow virus ticking time bomb, update immediately


Viruses? Update? Ticking time bomb? News AU can often do better. This piece is otherwise rather factual. That 'malicious search engine results' played a part is one thing, perhaps. That websites force downloads is already known. That witnit users just click on the danged things - or even worse, let their browsers open them by default - is unforgivable.

Cult of Mac

Header's good.

How to tell if Silver Sparrow malware is hiding on your Mac


But after that?

After that they recommend using Finder to find things. Can't be dumber than that.

Other than that, the piece is sparse and offers nothing the Red Canary piece doesn't do far better.

Bleeping Computer


Offers a titbit not found elsewhere, namely that you can check for telltale processes.

Caveat: Silver Sparrow runs once per hour at most and won't be running long, so the above won't be of much help.


One of the worst. This bending over backwards for the terminally lame...


'While there's no real way to detect whether said malware is on your system based on observable behaviour - since it's not doing anything at the moment...'

Not true. You can pick up activity as outlined above and with Apple's Activity Monitor. Moreover, you can correctly infer from the existence of the telltale files that there has been and will continue to be 'observable behaviour'.

But it's the link to a reader comment at Ars that pins and utterly shatters the Cringe-O-Meter.

Open 'Terminal.app' in 'Applications/Utilities'.
Type the command 'rm' followed by a single space (no quotes).

Seen enough? You should have. Kudos to 'effgee' for making things 1000% more complex than they really are.

And calling Silver Sparrow 'pesky' is the living end for David Murphy. Sorry but not sorry.

And that's but a smattering of the tonnes of frenzied media copy because of a wee bird.

The Downloads

There's a CLIX command file linked in here that makes it easy to check for Silver Sparrow with a few clicks and no more, certainly not as lamer 'effgee' would have it. (Why do they go to such inordinate lengths to make the eminently straightforward and simple so gosh-darned impossible?)

Download: CLIX-SilverSparrow (572 bytes)

This CLIX command file has three commands: to find traces of Silver Sparrow, to remove Silver Sparrow files, and to check in general if there's anything else that's been deposited at the same locations.

CLIX itself is available through the CLIX product page. CLIX is free, no strings.

Tracker's available through the Test Drive linked in the menu bar above. It's free too.

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Copyright © Rixstep. All rights reserved.