Mac devices are currently targeted by new ransomware, which is more sinister than before. According to Arstechnica's latest report, the new Mac ransomware called ThiefQuest or EvilQuest is more dangerous--it steals credit card numbers and passwords.
Also Read: APPLE UPDATE: iOS 14's New Warnings on User Tracking; Ad Firms Are Worried, Here's Why
BEWARE: New Mac Ransomware, ThiefQuest, is More Dangerous Than Before; It Sticks Around Even After Computer Reboots
Also Read: Huawei 5G May Be Axed from British Network after Intelligence Report Predicts Security Risks on Mobile Infrastructure
Since the first full-fledged Mac ransomware appeared only four years ago, there haven't been too many strains explicitly developed to attack Apple's Mac computers. However, the danger of ransomware may seem ubiquitous. However, Mac ransomware's danger became more sinister after the findings of a new Mac ransomware were published on June 30, by Dinesh Devadoss, a malware researcher at firm K7 Lab.
Dinesh also posted the findings on his Twitter account @dineshdina04; showing how the new Mac ransomware gets more interesting. The ransomware, which was originally named as EvilQuest, was changed to ThiefQuest after the security researchers discovered the Steam game series of the same name.
#macOS #ransomware impersonating as Google Software Update program with zero detection. MD5:
522962021E383C44AFBD0BC788CF6DA3 6D1A07F57DA74F474B050228C6422790 98638D7CD7FE750B6EAB5B46FF102ABD@philofishal @patrickwardle @thomasareed pic.twitter.com/r5tkmfzmFT — Dinesh_Devadoss (@dineshdina04) June 29, 2020
According to the report, ThiefQuest has a whole other set of spyware abilities that allow it to search the system for cryptocurrency wallet data and passwords, as well as exfiltrate files from an infected device or computer. It can also run a robust keylogger to steal credit card numbers, passwords, or other financial information as an individual type it in the device.
ThiefQuest is more dangerous than before
According to Arstechnica, the new Mac ransomware can stick around even after the computer reboots, by lurking persistently as a backdoor on infected devices, which could be used for additional or second stage attacks as a launchpad.
BEWARE: New Mac Ransomware, ThiefQuest, is More Dangerous Than Before; It Sticks Around Even After Computer Reboots
"Looking at the code, if you split the ransomware logic from all the other backdoor logic the two pieces completely make sense as individual malware. But compiling them together you're kind of like what?" said the principal security researcher at the Mac management firm Jamf, Patrick Wardle, via Arstechnica.
"My current gut feeling about all of this is that someone basically was designing a piece of Mac malware that would give them the ability to completely remotely control an infected system. And then they also added some ransomware capability as a way to make extra money," he added.
The report clarified that ThiefQuest can only infect your Mac device if a pirated, unvetted software or application is installed. The director of Mac and mobile platforms at the security firm Malwarebytes, Thomas Reed, found out that torrent sites are used to distribute ThiefQuest bundled with name-brand software. Just like the security app Little Snitch, music production platform Ableton, and DJ software Mixed in Key.
Also Read: [TIPS AND TRICKS] How to Know if Girlfriend, or Anyone, is Spying on Your Android Device
