ThiefQuest Ransomware Targets Mac Devices As It Spreads Via Piracy


Heads up, Mac users! Don’t fall for the free version of Little Snitch offered on different forums. In fact, the same applies to any premium software offered for free. A new ransomware, ‘ThiefQuest’, is in the wild, targeting Mac devices via pirated software.

ThiefQuest Ransomware Targets Mac Users

Reportedly, researcher Dinesh Devadoss caught a new malware in the wild targeting Mac devices. Disclosing it in a tweet, the researcher stated that he found the malware impersonating the Google Software Update program.

However, further analyses revealed that this is not the only channel through which the malware spread. Rather, the malware, more precisely ransomware, first named EvilQuest and then renamed ThiefQuest, actually spread through many sources.

According to Patrick Wardle’s analysis, he caught the malware sample packaged as a pirated copy of the popular music software ‘Mixed In Key’, whereas Thomas Reed of Malwarebytes found it packaged as a pirated version of Little Snitch, a macOS application firewall.

So, it seems the threat actors may have hidden the ThiefQuest ransomware in various false apps for Mac devices.

In brief, the malware reaches the target device when the victim installs the fake app. Along with the legit installer, the package also downloads an executable file named ‘patch’ on the device. This, in turn, launches the malware while establishing the infected device’s communication with the C&C server.

Besides, the malware also possesses features to evade detection by security tools. For instance, it checks the device for the existence of any popular antimalware services. Plus, it renames the ‘patch’ file as ‘CrashReporter’ – an otherwise legit macOS process. Hence, it escapes detection even if seen in the Activity Monitor.
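Because the renamed file only borrows a trusted-looking name, a defender can compare the name of each running process with the path it runs from. The sketch below is an added example, not code from this article or from the researchers it cites; the trusted path prefixes are assumptions and the `ps` output is a constructed sample.

```python
import posixpath

# Assumption: locations where OS-shipped binaries live; tune for your fleet.
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/")
# Names from the article: the dropped file and the name it is renamed to.
WATCHED_NAMES = {"patch", "crashreporter"}

# Constructed sample of `ps -axo pid=,comm=` output (macOS prints full paths).
SAMPLE_PS = """\
  101 /usr/libexec/logd
  412 /System/Library/Example/CrashReporter
  733 /Users/alice/Library/Example/CrashReporter
  734 /Users/Shared/Example Installer/patch
  900 /usr/bin/patch
"""

def parse_ps(text):
    """Return (pid, path) pairs; paths may contain spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1]))
    return rows

def find_masquerades(rows):
    """Flag watched process names running from outside trusted locations."""
    hits = []
    for pid, path in rows:
        real = posixpath.normpath(path)  # collapse ../ tricks before comparing
        name = posixpath.basename(real).lower()
        if name in WATCHED_NAMES and not real.startswith(TRUSTED_PREFIXES):
            hits.append((pid, path))
    return hits

if __name__ == "__main__":
    for pid, path in find_masquerades(parse_ps(SAMPLE_PS)):
        print(f"review pid {pid}: {path}")
```

A flagged entry is a prompt to inspect the binary and its code signature, not a verdict on its own.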

Malware Seems In Development

Currently, the researchers believe that the malware is under development, as it does not encrypt the files carefully.

Nonetheless, the threat actors behind this malware seem to use this ransomware for various purposes, as they pack multiple features into it. For instance, it installs a keylogger to log sensitive details such as passwords.

Hence, Mac users should remain very careful while downloading any apps or software to their systems. Make sure to interact with legit service providers only. Avoid downloading any cracked versions or pirated copies of the tools to stay safe from Mac malware.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
