If recent reports are to be believed, a new ransomware family has been discovered targeting macOS users. The latest macOS malware has been dubbed EvilQuest, officially tracked as OSX.EvilQuest. According to security researchers, this ransomware differs from other macOS ransomware threats in that it not only encrypts victims' files but also installs a reverse shell and a keylogger and steals cryptocurrency wallet-related files from infected devices.
The researchers also noted that with these capabilities the attacker can take over the infected host completely. This means that even if victims pay the ransom, the attacker still has access to their devices and can continue to steal sensitive information whenever they want.
According to security researchers, the macOS ransomware was first discovered in a pirated copy of the app Little Snitch, distributed via torrent links on a Russian forum. The download came as a PKG installer file, and on examining the file it was found that the package carried a ‘postinstall script’. Such scripts are normally used to clean up after the installation completes. In this case, however, the script deploys the malware onto the Mac. Once the file encryption process ends, victims see a popup on their display telling them that their devices and files have been compromised. They are then directed to a ransom note (a text file) placed on their desktop. The note informs victims that their personal files, documents and pictures are no longer accessible until they pay the ransom in bitcoin.
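Because the infection chain described above starts with an installer script, the practical defensive check is to look at a package's install scripts before running it. The following is an added example (not code from the article or from the researchers it cites) that audits the scripts inside a macOS package after it has been expanded with the real `pkgutil --expand Installer.pkg /tmp/expanded` command; the directory layout it walks, the heuristic patterns it flags and the sample package it builds in a temporary directory are all assumptions constructed for illustration.

```python
"""Audit install scripts inside an expanded macOS .pkg (added example).

On macOS, `pkgutil --expand Installer.pkg /tmp/expanded` unpacks a flat
package. Install scripts then live under a `Scripts/` directory: at the top
level for a component package, or inside `<component>.pkg/Scripts/` for a
distribution package. This script walks such a tree, finds the install
scripts and reports lines that deserve a closer look before installing.
"""
import os
import re
import tempfile

# Script names the Installer runs automatically (pre/post install hooks).
SCRIPT_NAMES = {"preinstall", "postinstall", "preupgrade", "postupgrade",
                "preflight", "postflight"}

# Heuristic patterns (assumption): common in malicious installers, but also
# seen in legitimate ones, so every hit is a prompt for review, not a verdict.
RISKY_PATTERNS = {
    "downloads content at install time": re.compile(r"\b(curl|wget)\b"),
    "decodes an embedded blob": re.compile(r"base64\s+(-d|--decode|-D)\b"),
    "marks a file executable": re.compile(r"\bchmod\s+\+?x\b|\bchmod\s+[0-7]*7[0-7]*\b"),
    "registers persistence": re.compile(r"LaunchAgents|LaunchDaemons|launchctl"),
    "backgrounds a process": re.compile(r"\bnohup\b|&\s*$", re.M),
    "removes quarantine attribute": re.compile(r"xattr\s+.*com\.apple\.quarantine"),
}


def find_install_scripts(root):
    """Return every Installer hook script found under any Scripts/ directory."""
    found = []
    for dirpath, _, files in os.walk(root):
        if os.path.basename(dirpath) != "Scripts":
            continue
        for name in files:
            if name in SCRIPT_NAMES:
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def audit_script(path):
    """Return sorted (line_number, label) pairs for each risky pattern hit."""
    with open(path, errors="replace") as fh:
        text = fh.read()
    findings = set()
    for label, pattern in RISKY_PATTERNS.items():
        for match in pattern.finditer(text):
            line_no = text.count("\n", 0, match.start()) + 1
            findings.add((line_no, label))
    return sorted(findings)


def audit_package(root):
    """Map each install script (relative to root) to its findings."""
    return {os.path.relpath(p, root): audit_script(p)
            for p in find_install_scripts(root)}


def build_sample_package():
    """Constructed sample of an expanded package, for offline demonstration.

    The postinstall script is a generic stand-in (not the real malware script)
    that installs a helper and registers it as a LaunchDaemon, which is exactly
    the kind of behaviour a reviewer wants to notice in a pirated installer.
    """
    root = tempfile.mkdtemp(prefix="pkg-audit-")
    scripts_dir = os.path.join(root, "Example.pkg", "Scripts")
    os.makedirs(scripts_dir)
    postinstall = "\n".join([
        "#!/bin/sh",
        "# constructed sample postinstall script",
        'mkdir -p "/Library/Application Support/ExampleHelper"',
        'cp "$PWD/helper" "/Library/Application Support/ExampleHelper/helper"',
        'chmod +x "/Library/Application Support/ExampleHelper/helper"',
        'cp "$PWD/com.example.helper.plist" /Library/LaunchDaemons/',
        "launchctl load /Library/LaunchDaemons/com.example.helper.plist",
        "",
    ])
    preinstall = "#!/bin/sh\nexit 0\n"  # benign hook: nothing to flag
    with open(os.path.join(scripts_dir, "postinstall"), "w") as fh:
        fh.write(postinstall)
    with open(os.path.join(scripts_dir, "preinstall"), "w") as fh:
        fh.write(preinstall)
    return root


if __name__ == "__main__":
    report = audit_package(build_sample_package())
    for script, findings in report.items():
        print(script, "- no findings" if not findings else "")
        for line_no, label in findings:
            print(f"  line {line_no}: {label}")
```

On a real machine, point `audit_package` at the directory produced by `pkgutil --expand` instead of the constructed sample; a script with no findings still deserves a read, since the patterns are only a first filter.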
According to the researchers, the macOS ransomware also tries to modify files in Google Chrome's update mechanism in a bid to gain a stronger foothold on infected hosts. This is not the first ransomware specifically targeting macOS users: KeRanger targeted macOS users back in 2016, followed by Patcher, which researchers discovered in 2017.
Researchers believe there is still more to learn about the new ransomware, such as which encryption scheme it uses and whether the encryption can be reversed. Security experts have yet to answer these questions. As a smart user, you should find ways to secure and protect your devices and data at any cost. Let us look at how to go about that.
How to prevent EvilQuest Ransomware
At this time, EvilQuest is believed to be distributed mainly via pirated software and torrent sites. According to researchers, there is still no way to completely remove the new macOS malware after it has encrypted victims' files other than formatting the entire disk, so macOS users are advised to back up everything on their devices regularly. The best way to avoid paying a ransom is to keep up-to-date backups, at least 2-3 copies of everything important.
Beyond that, stick to the official App Store or to genuine third-party apps from sources you trust, to avoid being infected by macOS ransomware of this kind in the first place.
For more news and information on how to protect your organization, visit our website, follow us on Facebook and LinkedIn, or contact us at 406-646-2102 to get your questions answered. Feel free to call us at 406-646-2102 or email sales@ExcelliMatrix.com.