New Mac Ransomware Discovered in Pirated Mac Apps

A new Mac ransomware variant is hitting Macs through pirated apps. A new report from Malwarebytes says the “EvilQuest” ransomware was discovered in a pirated version of the Little Snitch app found on a Russian forum.

The illicit version of Little Snitch uses a generic installer package, which installs the real version of the app but also installs an executable file named “Patch” into the /Users/Shared directory and a post-install script for infecting a machine.

The installation script moves the Patch file to a new location and renames it to “CrashReporter,” which is a legitimate macOS process. That keeps it hidden in Activity Monitor. The Patch file then installs itself in numerous locations on the Mac.
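A quick triage check for the two artifacts described above, added here as an example (it is not code from Malwarebytes or from this article). It assumes that macOS `ps -axo pid=,comm=` prints each process's full executable path and that Apple's own binaries run from the system locations listed in `TRUSTED_PREFIXES`; the sample process list is constructed.

```python
import os
import stat
import subprocess

DROPPER_PATH = "/Users/Shared/Patch"  # file name and directory named in the article
MASQUERADE_NAME = "CrashReporter"     # process name named in the article
# Assumption (not from the article): Apple-shipped binaries run from these
# system-owned locations, so a "CrashReporter" anywhere else deserves a look.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/")

# Constructed sample of `ps -axo pid=,comm=` output; all three paths are made up.
SAMPLE_PS = """\
  101 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  350 /System/Library/Example/CrashReporter
 4242 /Users/alice/Library/Example Dir/CrashReporter
"""


def parse_ps(output):
    """Parse `ps -axo pid=,comm=` output into (pid, executable_path) pairs."""
    rows = []
    for line in output.splitlines():
        parts = line.strip().split(None, 1)  # the path may contain spaces
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1]))
    return rows


def find_masquerades(processes):
    """Return processes named CrashReporter that run outside trusted prefixes."""
    return [(pid, path) for pid, path in processes
            if os.path.basename(path) == MASQUERADE_NAME
            and not path.startswith(TRUSTED_PREFIXES)]


def dropper_present(path=DROPPER_PATH):
    """True if an executable regular file exists at the dropper location."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted there
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


if __name__ == "__main__":
    live = subprocess.run(["ps", "-axo", "pid=,comm="], capture_output=True, text=True).stdout
    for pid, path in find_masquerades(parse_ps(live)):
        print(f"suspicious: pid {pid} runs {path}")
    if dropper_present():  # the installer moves this file, so absence proves nothing
        print(f"suspicious: executable found at {DROPPER_PATH}")
```

A hit is a reason to investigate, not a verdict; a clean result does not rule out infection.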

The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. During testing by Malwarebytes, the Finder also malfunctioned and problems were experienced with the Dock and other apps.

Malwarebytes says the ransomware worked poorly and no instructions on paying the ransom were found, although a screenshot found on the forums where the malicious software originated suggests it’s meant to prompt users to pay $50 to recover access to their files. Please note: do not pay the ransom if your Mac is infected, as it does not result in the removal of the malware.

The malware may also install a keylogger to monitor your keystrokes, but what it does with that information is unknown. Malwarebytes says that its software for the Mac will remove the ransomware, which is detected as Ransom.OSX.EvilQuest. However, encrypted files will require a restore from a backup. You have a backup, right? But you don’t download pirated apps anyway, right?

(Via MacRumors)
