12.5 C
New York
Friday, July 3, 2020
Home News New Mac Ransomware Found in Pirated Mac Apps

New Mac Ransomware Found in Pirated Mac Apps

There’s a new ‘EvilQuest’ Mac ransomware variant that’s spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in pirated download for the Little Snitch app found on a Russian forum.

Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named “Patch” into the /Users/Shared directory and a post-install script for infecting a machine.

The installation script moves the Patch file into a new location and renames it CrashReporter, a legitimate macOS process, keeping it hidden in Activity Monitor. From there, the Patch file installs itself in several spots on the Mac.

The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. The Finder also malfunctioned after installation, and there were problems with the dock and other apps.

Malwarebytes found the ransomware to work poorly and was not able to get instructions on paying the ransom, but a screenshot found on the forums where the malicious software originated suggests it’s meant to prompt users to pay $50 to recover access to their files. Note: anyone infected with this ransomware or any ransomware should not pay the fee, because it does not remove the malware.

Along with the ransom activity, the malware may also install a keylogger for monitoring keystrokes, but what the malware does with the functionality is unknown. Malwarebytes says that its software for Mac is able to remove the ransomware, detected as Ransom.OSX.EvilQuest. Encrypted files will require a restore from a backup, though.

Similar ransomware was found in other pirated apps, and Mac users can avoid it by staying away from pirated apps and untrustworthy websites and forums that offer illicit downloads.Tags: malware, Malwarebytes
This article, “New Mac Ransomware Found in Pirated Mac Apps” first appeared on MacRumors.com

Discuss this article in our forums

MacRumors-All?d=6W8y8wAjSf4 MacRumors-All?d=qj6IDK7rITs

Latest

Grab the Philips Hue smart bulb starter kit on sale for $130 at Best Buy

The Philips Hue 3-bulb starter kit is on sale for $129.99 at Best Buy. It's $40 off Best Buy's usual

Iron Man VR review: As close to becoming a superhero as you can get

The most authentic-feeling VR experience you'll find anywhere.Superhero games can, oftentimes, feel like typical licensed cash-ins, with sub-par stories, lackluster

Here’s your first look at the OnePlus Nord

OnePlus shares a teaser video of the OnePlus Nord on Instagram.What you need to knowOnePlus Nord teaser video gives us

How to watch the MLS is Back Tournament online from anywhere

The Premier League, La Liga, and Serie A seasons have resumed and soccer in the U.S. is set to return