New Mac Ransomware Found in Pirated Mac Apps Tuesday, 30 June 2020 ()
There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in pirated download for the Little Snitch app found on a Russian forum.
Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named "Patch" into the /Users/Shared directory and a post-install script for infecting a machine.

The installation script moves the Patch file into a new location and renames it CrashReporter, a legitimate macOS process, keeping it hidden in Activity Monitor. From there, the Patch file installs itself in several spots on the Mac.

The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. The Finder also malfunctioned after installation, and there were problems with the dock and other apps.

Malwarebytes found the ransomware to work poorly and was not able to get instructions on paying the ransom, but a screenshot found on the forums where the malicious software originated suggests it's meant to prompt users to pay $50 to recover access to their files. Note: anyone infected with this ransomware or any ransomware should not pay the fee, because it does not remove the malware.

Along with the ransom activity, the malware may also install a keylogger for monitoring keystrokes, but what the malware does with the functionality is unknown. Malwarebytes says that its software for Mac is able to remove the ransomware, detected as Ransom.OSX.EvilQuest. Encrypted files will require a restore from a backup, though.

Similar ransomware was found in other pirated apps, and Mac users can avoid it by staying away from pirated apps and untrustworthy websites and forums that offer illicit downloads.

Tags: malware, Malwarebytes

This article, "New Mac Ransomware Found in Pirated Mac Apps" first appeared on

Discuss this article in our forums

You Might Like

Related videos from verified sources

World premiere of the new Volkswagen Tiguan - Infotainment System [Video]

World premiere of the new Volkswagen Tiguan - Infotainment System

The new Volkswagen Tiguan will feature the latest generation modular infotainment system (MIB3), a standard configurable digital instrument panel and the next-gen personalization system. MIB3 offers..

Credit: AutoMotions     Duration: 01:51Published
Florida Man Goes Berserk in Costco When Asked to Wear a Mask [Video]

Florida Man Goes Berserk in Costco When Asked to Wear a Mask

FORT MYERS, FLORIDA — The combination of Florida man and Costco was never going to end well and on the 27th of June, this man was caught on camera throwing a red-faced hissy fit after an elderly..

Credit: TomoNews US     Duration: 01:59Published
IOS 14, IPadOS 14 allow user to set default email, browser apps [Video]

IOS 14, IPadOS 14 allow user to set default email, browser apps

Apple has rolled out a new feature that allows iPhone and iPad users to change the default email and browser applications in the new iOS 14 and iPadOS 14. According to The Verge, the company revealed..

Credit: ANI     Duration: 01:10Published

Related news from verified sources

Today’s best iOS + Mac app deals: Vertigo Racing, WEATHER NOW, more

We are now ready to collect all of Wednesday’s best Mac and iOS app deals. While we still have deep deals live on NordVPN services, there are plenty of new...

Sim Genie is a new Mac app that helps developers manage multiple iOS Simulators

If you are an iOS developer, you have two options when testing your apps during development: Use real devices, or the iOS Simulator that ships with Xcode. With...

Algoriddim's New 'djay Pro AI' Brings Real-Time Separation of Vocals, Instruments, and Beats to djay for iOS

Algoriddim, the company behind the popular djay line of music apps for iOS, Mac, Windows, and Android, today is introducing a major update for its djay app for...

Tweets about this