
Ransomware Functionality Removed From ThiefQuest Mac Malware
2020-07-20 11:10

The developers of the Mac malware named ThiefQuest continue to improve their creation, and researchers have noticed that the latest versions of the threat no longer include ransomware functionality.

Security experts noticed that the ransomware functionality was incomplete and the main goal of the malware was likely not to help threat actors make a profit from the ransom paid by victims.

Interestingly, the initial variants, which first emerged in early June, focused on providing backdoor capabilities, and ransomware functionality was only implemented in the second and third generations.

This could suggest that the ThiefQuest developers may be preparing to reintroduce ransomware functionality, as previous variants of the threat displayed the ransom note in a modal window and used the speech feature in macOS to read it out to the victim.

The threat actor has also made some improvements to functionality designed to determine if the malware is running in an analysis environment, which should prevent ThiefQuest from being analyzed by researchers. The malware now also checks the compromised system for the presence of several security products and attempts to terminate them if found.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Um7-T9U9ZyY/ransomware-functionality-removed-thiefquest-mac-malware