Ransomware that targets only macOS systems is still relatively rare. EvilQuest, a particularly nasty specimen of this kind, is now circulating for Apple computers. It not only encrypts data but also brings a keylogger with it.
Nasty pests keep returning to the Mac
OSX.EvilQuest: under this name, security researcher Patrick Wardle is currently warning of new malware developed for Apple systems. “It is not common for new ransomware that targets macOS to be discovered,” said Wardle in his first analysis. As ZDNet adds in its report, EvilQuest is only the third ransomware strain, after KeRanger and Patcher, that has been tuned exclusively to macOS computers.
First of all, the pest behaves like classic ransomware. Once executed, it encrypts data and informs the user of this with a text popup. For those affected, however, the problems only really start there: “After the encryption process has ended, the ransomware installs a keylogger to record all keystrokes of the user,” say the security researchers.
In addition, a reverse shell is set up on the system, which connects back to the attacker and lets them execute commands of their choosing on the infected host. Finally, the malware searches for and steals files typical of cryptocurrency wallet applications. In short: with a single application, the attackers achieve many goals here.
Infection risk low
If you then look at the analysis of possible infection routes, a fairly familiar picture emerges: the pest was first made public on June 29 by security researcher Dinesh Devadoss. His investigations suggest that it has probably been distributed since the beginning of June. The gateway used: “EvilQuest is hiding in pirated macOS software that has been uploaded to torrent portals and online forums.”
Devadoss names a software package called “Google Software Update”; other security researchers have discovered EvilQuest in pirated copies of the DJ software “Mixed In Key” and the macOS security tool Little Snitch. According to the researchers, one can assume that many other applications from such sources are currently carrying the pest. The malware also relies on users paying little attention to an installation warning. “macOS users who attempt to pirate software may ignore this warning,” said Wardle.
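The installation warning the researchers mention is macOS's own signature check; a pirated copy of a signed app such as Little Snitch is necessarily unsigned or re-signed by someone other than the vendor. The following shell script is an added example, not part of the article or of any researcher's tooling, showing how to assess an app bundle with Apple's spctl and codesign utilities before opening it. The classifier is exercised on constructed sample outputs so it can run anywhere; the live assessment only works on a Mac, and the bundle paths in the samples are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the article): assess a downloaded macOS app bundle
# with Gatekeeper tooling instead of clicking past the warning dialog.

# Classify the output of `spctl --assess` into a one-word verdict.
# spctl prints lines such as
#   /Applications/Foo.app: accepted
#   source=Notarized Developer ID
# or, for an unsigned pirated copy,
#   /Applications/Foo.app: rejected
#   source=no usable signature
classify_spctl() {
    # $1 = captured spctl output (may span several lines)
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# Run the real assessment on a bundle. Only works on macOS, where spctl and
# codesign exist; elsewhere the function reports that and returns 2.
assess_app() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available on this host" >&2
        return 2
    fi
    out=$(spctl --assess --type execute -vv "$app" 2>&1)
    verdict=$(classify_spctl "$out")
    printf '%s: %s\n' "$app" "$verdict"
    # Show the signing chain; a pirated copy typically prints
    # "code object is not signed at all" or an unknown Authority.
    codesign -dv --verbose=2 "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || true
    [ "$verdict" = accepted ]
}

# Constructed sample outputs (paths and values made up for illustration).
SAMPLE_OK='/Applications/Little Snitch.app: accepted
source=Notarized Developer ID'
SAMPLE_BAD='/Volumes/Mixed In Key/Mixed In Key.app: rejected
source=no usable signature'

[ "$(classify_spctl "$SAMPLE_OK")" = accepted ] && echo "sample 1 -> accepted"
[ "$(classify_spctl "$SAMPLE_BAD")" = rejected ] && echo "sample 2 -> rejected"

# On a Mac: sh gatekeeper_check.sh "/Applications/Some.app"
if [ $# -gt 0 ]; then
    assess_app "$1"
fi
```

A "rejected" verdict on something that claims to be a commercial, normally notarized product is the signal to stop: the legitimate vendor's build would pass, so a failing copy has been modified after signing or never carried the vendor's signature at all.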