image
A rare new ransomware strain targeting macOS users has been discovered, called EvilQuest. Researchers say the ransomware is being distributed via various versions of pirated software. EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilities for run-of-the-mill ransomware, including the ability to deploy a keylogger (for monitoring what’s typed into devices) and the capability to steal cryptocurrency wallets on the victims’ systems. EvilQuest samples have been found in various versions of pirated software, which are being shared on BitTorrent file-sharing sites. While this method of infection is relatively unsophisticated, it is common for other macOS malware variants – including OSX.Shlayer – “thus indicating it is (at least at some level) successful,” according to Patrick Wardle, security researcher with Jamf, in a Monday analysis. While Devadoss found the ransomware purporting to be a Google Software Update package, Wardle inspected a ransomware sample that was being distributed via a pirated version of “Mixed In Key 8,” which is software that helps DJs mix their songs. Another sample was analyzed Tuesday by Thomas Reed, director of Mac and mobile with Malwarebytes, in a malicious, pirated version of Little Snitch. Little Snitch is a legitimate, host-based application firewall for macOS. The malicious installer was found available for download on a Russian forum, dedicated to sharing torrent links. “The legitimate…

Source