A New Ransomware Targeting Apple macOS Users Through Pirated Apps
2020-07-01 02:08

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps.

According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps and, upon installation, disguises itself as Apple's CrashReporter or Google Software Update.

Besides encrypting the victim's files, EvilQuest also comes with capabilities to ensure persistence, log keystrokes, create a reverse shell, and steal cryptocurrency wallet-related files.

In the last stage, EvilQuest launches a copy of itself and starts encrypting files - including cryptocurrency wallet and keychain-related files - before eventually displaying ransom instructions to pay $50 within 72 hours or risk leaving the files locked.

While work is underway to find a weakness in the encryption algorithm to create a decryptor, it's recommended that macOS users create backups to avoid data loss and use a utility like RansomWhere? to thwart such attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/VtFVjAVAAtA/macos-ransomware-attack.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110