EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities
2020-06-30 21:27

A rare new ransomware strain targeting macOS users, called EvilQuest, has been discovered.

While Devadoss found the ransomware purporting to be a Google Software Update package, Wardle inspected a ransomware sample that was being distributed via a pirated version of "Mixed In Key 8," which is software that helps DJs mix their songs.

The ransomware then begins encrypting victims' files by invoking the "Eip encrypt" function.

The ransomware can also detect several cryptocurrency wallet files, with commands to hunt out the following specific ones: "Wallet.pdf", "Wallet.png", "Key.png" and "*.p12".

EvilQuest joins a small list of ransomware families in the wild specifically targeting Mac users, including KeRanger and MacRansom.


News URL

https://threatpost.com/evilquest-mac-ransomware-keylogger-crypto-wallet-stealing/157034/