New ‘EvilQuest’ Mac ransomware found in pirated apps encrypts users’ files

Mac users are now exposed to a brand-new “EvilQuest” ransomware that encrypts files and causes multiple problems for the operating system. Malwarebytes analyzed the ransomware today; it is being distributed through pirated macOS apps.

The malicious code was first found in a pirated copy of the Little Snitch app available on a Russian forum with torrent links. The downloaded app comes with a PKG installer file, unlike its original version.

By examining this PKG file, Malwarebytes discovered that the app includes a “postinstall script,” which is normally used to clean up the installation after the process is complete. In this case, however, the script runs malware on macOS.

The script file is copied to a folder related to the Little Snitch app under the name CrashReporter, so the user will not notice it running in Activity Monitor, since macOS has an internal app with a similar name. The install location is /Library/LittleSnitchd/CrashReporter.
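One way to review a PKG's install scripts before running it, given here as an added example and not as code from Malwarebytes or the original article. It assumes the package has already been expanded on macOS with `pkgutil --expand`; the function names, the copy-command pattern and the sample script are constructed for illustration, and only the CrashReporter path comes from the article.

```shell
#!/bin/sh
# Added example: audit the install scripts of an expanded macOS package.
# On macOS, expand the installer first (this does not run it):
#   pkgutil --expand Installer.pkg /tmp/expanded
# Path reported in the article; the copy-command pattern below is an assumption.
IOC_PATH='/Library/LittleSnitchd/CrashReporter'

# Print every preinstall/postinstall script under the expanded package.
list_install_scripts() {
    find "$1" -type f \( -name preinstall -o -name postinstall \) | sort
}

# Print "file:line:text" for script lines that reference the reported path
# or copy/move something into a /Library subfolder.
flag_script_lines() {
    list_install_scripts "$1" | while IFS= read -r script; do
        grep -nHE -- "$IOC_PATH|(cp|mv|ditto|install) .*/Library/" "$script" || true
    done
}

# Return 0 when nothing is flagged, 1 (after printing the hits) otherwise.
audit_pkg_scripts() {
    hits=$(flag_script_lines "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: a minimal expanded-package layout whose postinstall
# copies a file to the location named in the article. Not the real script.
make_sample_pkg_dir() {
    d=$(mktemp -d)
    mkdir -p "$d/sample.pkg/Scripts"
    printf '%s\n' '#!/bin/sh' \
        'mkdir -p /Library/LittleSnitchd' \
        'cp ./CrashReporter /Library/LittleSnitchd/CrashReporter' \
        > "$d/sample.pkg/Scripts/postinstall"
    printf '%s\n' "$d"
}
```

A flagged line is a prompt to read the script in full, not a verdict: legitimate installers also copy files under /Library.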

Malwarebytes notes that it takes some time before the ransomware starts working after it’s installed, so the user won’t associate it with the most recently installed app. When the malicious code is triggered, it modifies system and user files with unknown encryption.

Part of the encryption causes the Finder to stop working properly and the system to crash constantly. Even the system’s Keychain gets corrupted, so it’s impossible to access passwords and certificates stored on the Mac. A message on the screen says the user must pay $50 to recover their files, otherwise everything will be deleted after 3 days.

There’s still no way to remove the malware after it has encrypted the files, so users should keep an up-to-date backup of everything.

The best way of avoiding the consequences of ransomware is to keep a good set of backups.

Although the ransomware is only included with pirated apps for now, Apple needs to fix this security flaw as quickly as possible because this malicious code can be included in more apps.

You can find out more technical details about EvilQuest on Malwarebytes’ site.
