Security Alert: Watch out for new Mac ransomware!
Reading Time:
1 minute, 33 seconds
Security Alert: Watch out for new Mac ransomware!
Jumping Trout, LLC
(IBT July 1, 2020) As if 2020 didn't have enough problems, there's now a new ransomware that targets Mac users. According to IBT and Malwarebytes, a new ransomware known as 'EvilQuest' is targeting unsuspecting Mac users downloading pirated apps from the internet. This new ransomware can be installed in Macs by a malicious Little Snitch app installer that can be downloaded from a Russian forum that provides torrent links. While this is a new ransomware, it is recognizable. Here are some signs that will drive you away from the software.
First, the installer comes in an Apple installer pcakage that uses a generic icon that is "pointlessly distributed" inside a disk image file. Just like a legitimate installer, the malicious version includes installer and uninstaller apps. but with the addition of a "patch" file. The package also includes a script that moves the patch file into a different location, renames it, and hides in the Acitivty Monitor after the installation is complete.
This new file then copies and installs itself in various locations, encrypting data and settings files, including your keychain passwords. Your files will then be blocked from your use. Other signs include erros in the Dock and Finder apps.
In some cases, people have discovered a file containing instructions on paying ransom in order for the encrypted files to be decrypted. The malware also has an alert and uses text-to-speech to inform users that their Mac has been infected. If this happens, DO NOT pay the ransomware amount. This will most likely not remove the malware, according to MacRumors.
Luckily, there is software that can supposedly remove the malware/ransomware from Malwarebytes. However, it might just be easier to avoid this predicament if you don't download illegal and pirated apps from the internet.
Source: www.ibtimes.com/evilquest-ransomware-targeting-mac-users-through-pirated-apps-3003731
First, the installer comes in an Apple installer pcakage that uses a generic icon that is "pointlessly distributed" inside a disk image file. Just like a legitimate installer, the malicious version includes installer and uninstaller apps. but with the addition of a "patch" file. The package also includes a script that moves the patch file into a different location, renames it, and hides in the Acitivty Monitor after the installation is complete.
This new file then copies and installs itself in various locations, encrypting data and settings files, including your keychain passwords. Your files will then be blocked from your use. Other signs include erros in the Dock and Finder apps.
In some cases, people have discovered a file containing instructions on paying ransom in order for the encrypted files to be decrypted. The malware also has an alert and uses text-to-speech to inform users that their Mac has been infected. If this happens, DO NOT pay the ransomware amount. This will most likely not remove the malware, according to MacRumors.
Luckily, there is software that can supposedly remove the malware/ransomware from Malwarebytes. However, it might just be easier to avoid this predicament if you don't download illegal and pirated apps from the internet.
Source: www.ibtimes.com/evilquest-ransomware-targeting-mac-users-through-pirated-apps-3003731
Posted In:
