Saturday, July 11, 2020

New ‘EvilQuest’ Mac ransomware found in pirated apps encrypts users files – 9to5Mac

Mac users are now exposed to a new “EvilQuest” ransomware that encrypts files and causes multiple issues to the operating system. Malwarebytes has analyzed the ransomware today; it is being distributed through pirated macOS apps.

The malicious code was first found in a pirate copy of the Little Snitch app available on a Russian forum with torrent links. The downloaded app comes with a PKG installer file, unlike its original version.

By examining this PKG file, Malwarebytes discovered that the app comes with a “postinstall script,” which is typically used to clean up the installation after the process is completed. In this case, however, the script installs malware on macOS.

The script file is copied to a folder related to the Little Snitch app under the name CrashReporter, so the user won’t notice it running in the Activity Monitor since macOS has an internal app with a similar name. The set location is: /Library/LittleSnitchd/CrashReporter.
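A package's install scripts can be reviewed before the installer is ever run. The sketch below is an added example, not code from 9to5Mac or Malwarebytes: it assumes the PKG has already been unpacked to a directory (for instance with `pkgutil --expand`), and its two heuristics and both sample scripts are constructed for illustration.

```python
import re
from pathlib import Path

# Scripts that the macOS installer runs automatically during installation.
INSTALL_SCRIPTS = {"preinstall", "postinstall"}

# Heuristics chosen for this example (assumptions, not Malwarebytes signatures).
RULES = [
    ("copies a file into /Library",
     re.compile(r"\b(?:cp|mv|ditto)\b[^\n]*\s[\"']?/Library/")),
    ("file is named like a system process",
     re.compile(r"/CrashReporter(?=[\s\"']|$)", re.M)),
]

# Constructed samples: the first mirrors the behaviour the article describes.
SAMPLE_SUSPICIOUS = """#!/bin/sh
mkdir -p /Library/LittleSnitchd
cp ./CrashReporter /Library/LittleSnitchd/CrashReporter
"""
SAMPLE_BENIGN = """#!/bin/sh
rm -rf /tmp/example-app-tmp
exit 0
"""

def audit_script(text):
    """Return the labels of every rule that matches the script text."""
    return [label for label, rx in RULES if rx.search(text)]

def audit_expanded_pkg(root):
    """Map each install script found under root to its list of findings."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): audit_script(p.read_text(errors="replace"))
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name in INSTALL_SCRIPTS
    }

if __name__ == "__main__":
    import sys, tempfile
    if len(sys.argv) > 1:          # audit a real, already expanded package
        target = sys.argv[1]
    else:                          # otherwise build a constructed demo tree
        target = tempfile.mkdtemp()
        scripts = Path(target, "Example.pkg", "Scripts")
        scripts.mkdir(parents=True)
        (scripts / "postinstall").write_text(SAMPLE_SUSPICIOUS)
    for script, findings in audit_expanded_pkg(target).items():
        print(script, "->", findings or "nothing flagged")
```

An empty findings list only means these two heuristics did not match; any install script in an app that normally ships without an installer deserves a manual read.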

Malwarebytes notes that it takes some time before the ransomware starts working after it’s installed, so the user won’t associate it with the latest app installed. Once the malicious code is activated, it modifies system and user files with unknown encryption.

Part of the encryption causes the Finder not to work properly and the system crashes constantly. Even the system’s Keychain gets corrupted, so it’s impossible to access passwords and certificates saved on the Mac. A message on the screen says the user must pay $50 to recover their files, otherwise everything will be deleted after three days.

There’s still no way to get rid of the malware after it has encrypted the files without formatting the entire disk, so users should keep an updated backup of everything.

The best way of avoiding the consequences of ransomware is to maintain a good set of backups. Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)

Although the ransomware is only included with pirated apps for now, Apple must fix this security flaw as quickly as possible since this malicious code can be included in more apps distributed outside the App Store.

You can read more technical details about EvilQuest on Malwarebytes’ website.
