Question

Silver Sparrow Malware

  • February 22, 2021
  • 58 replies
  • 298 views


  • New Contributor
  • March 4, 2021

So far I've found five, while our AV has detected one. Manually searching through each, I ended up editing the above to include the following directories:

~/Library/Application Support/com.tasks.updater/
~/Library/Application Support/com.hello.tasker/

5 out of 2,400 Macs
Seen on 10.14.x-10.15.x


  • Contributor
  • March 4, 2021

It would probably be useful to know fleet size also. I currently have not seen any infections out of about 300 machines.


  • Valued Contributor
  • March 4, 2021

@maristchris Using a script to detect, I've seen zero. We also have SentinelOne, so I don't know if that might have found something and dealt with it. I don't have access to that side of things to know.


mvu
  • Jamf Heroes
  • March 4, 2021

Nothing here. About 150 Macs. Nothing in the McAfee EP either. Thanks for the scripts and EA above!


  • New Contributor
  • March 4, 2021

Appreciate the scripts.



Hi @rbrinckmann, I used your Modified EA and now it is showing my whole Computers numbers that are enrolled... I think I have messed up something. I tried to use the earlier EA @ncworster mentioned and it is still showing numbers of all enrolled machines. Any advice?


atomczynski11

@agakhan_admin How is your Smart Group set up?

Try: name of your Extension Attribute

Operator: Like

Value: Yes
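
An added example, not one of the scripts posted in this thread: a minimal extension attribute that checks every home folder for the two directories listed earlier and reports a value the "Like / Yes" Smart Group criterion above can match. The function names, the `USERS_ROOT` variable, its `/Users` default and the Yes/No values are assumptions.

```shell
#!/bin/sh
# Added example: Jamf extension attribute sketch (not one of the thread's scripts).
# Function names, USERS_ROOT, the /Users default and the Yes/No values are assumptions.

# scan_homes USERS_ROOT
# Prints each suspect directory found under any home in USERS_ROOT, one per line.
scan_homes() {
    users_root=$1
    for home in "$users_root"/*; do
        # Skip stray files and the unexpanded glob when the root is empty.
        if [ ! -d "$home" ]; then
            continue
        fi
        # The two per-user directories named in the thread.
        for rel in \
            "Library/Application Support/com.tasks.updater" \
            "Library/Application Support/com.hello.tasker"
        do
            if [ -d "$home/$rel" ]; then
                printf '%s\n' "$home/$rel"
            fi
        done
    done
}

# ea_result USERS_ROOT
# Emits the <result> line that Jamf records as the attribute's value.
ea_result() {
    if [ -n "$(scan_homes "$1")" ]; then
        echo "<result>Yes</result>"
    else
        echo "<result>No</result>"
    fi
}

ea_result "${USERS_ROOT:-/Users}"
```

Because the attribute always reports either Yes or No, a Smart Group criterion with no value set has nothing to narrow on; the value is what separates affected Macs from the rest.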



@atomczynski Thank you, Value was missing. I put it in.
Further, there were 2 MacBooks that were detected earlier with the suspect files, and the count it detected is "0" now. They are gone, not sure how. Any idea?