Ransomware: EvilQuest discovered in illegal copies

Malwarebytes security researchers have discovered new ransomware that is said to be hidden in illegal copies of Mac software. The goal is to extort money from infected users.

EvilQuest works like classic ransomware. Once installed, the malware embeds itself in the system and begins to encrypt the hard disk or SSD. Users lose access to their data, and a ransom is demanded to get it back. The amount is said to be $50 (with no additional fees). It remains to be seen whether the encryption will actually be lifted.

EvilQuest also installs a keylogger, so all keyboard entries, such as passwords, are recorded. The malware was found in a purported illegal copy of Little Snitch. Instead of a cracked installer, the download contains the ransomware's generic installer.

Screenshot: RU Tracker forum / via Malwarebytes

EvilQuest – installation and masking

When the installer is executed, a file called “Patch” ends up in the user’s shared directory and the script is started. It renames itself “CrashReporter” so as not to attract attention in Activity Monitor.
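As an added example (not from Malwarebytes or the original article), the following Python check flags the masking behaviour described above in a process listing: a process that uses a system-sounding name from outside Apple's protected paths, or anything executing from the shared directory. The `/Users/Shared/` location, the trusted path prefixes and the sample listing are assumptions made for illustration.

```python
import posixpath

# Name from the article; add others you want to watch for.
MASQUERADE_NAMES = {"CrashReporter"}
# Assumption: Apple's own components run from SIP-protected locations.
TRUSTED_PREFIXES = ("/System/", "/usr/libexec/")
# Assumption: the "shared directory" in the article is macOS's /Users/Shared.
SHARED_DIR = "/Users/Shared/"


def find_suspicious(ps_output):
    """Return (pid, path, reason) for each process worth a closer look.

    Expects the output of `ps -axo pid=,comm=`; on macOS the comm column
    holds the full executable path.
    """
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 1)  # PID, then a path that may contain spaces
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        pid, path = int(parts[0]), parts[1].strip()
        name = posixpath.basename(path)
        if name in MASQUERADE_NAMES and not path.startswith(TRUSTED_PREFIXES):
            hits.append((pid, path, "system-like name outside trusted paths"))
        elif path.startswith(SHARED_DIR):
            hits.append((pid, path, "executable running from shared directory"))
    return hits


# Constructed sample output; PIDs and paths are made up for illustration.
SAMPLE_PS = """\
    1 /sbin/launchd
  412 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  733 /Library/ExampleVendor/CrashReporter
  790 /Users/Shared/Patch
  801 /Applications/Little Snitch.app/Contents/MacOS/Little Snitch
"""

if __name__ == "__main__":
    for pid, path, reason in find_suspicious(SAMPLE_PS):
        print(f"{pid}\t{path}\t{reason}")
```

A hit is a lead for further inspection (for example checking the binary's code signature), not proof of infection.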

In general, software should only be installed from trustworthy sources. Little Snitch is not available in the App Store, but can be obtained directly from the developer’s website.

Via Malwarebytes
