New Mac Ransomware Spreading Through Pirated Apps


A new Mac ransomware has been discovered by folks at Malwarebytes. According to the report, it’s a variant of “EvilQuest” ransomware which is spreading through pirated Mac apps.

The team discovered the ransomware after Twitter user @beatsballert messaged them about a pirated Little Snitch app on a Russian forum, which distributes torrent links. Analyzing the installer, researchers at Malwarebytes discovered it’s not just malware but new ransomware.

Just by looking at the installer, the team was skeptical, since it used a generic installer package. Unexpectedly, the package did install the actual Little Snitch, but alongside it, it also installed an executable file named “Patch” and a postinstall script. While it is common for installers to include postinstall scripts, here the script was bundled with malware.

Once the script ran, the Patch file quickly moved to a different location and renamed itself “CrashReporter”, which is the name of a known macOS process. From there, it injects itself into several other areas. The team noted that several apps started to malfunction; however, the ransomware primarily encrypts Keychain files and other data files. Later, it asks users to pay $50 to unlock the files.

Of course, paying the $50 fee doesn’t remove the malware, but interestingly, there were no clear instructions on how to pay the ransom in the first place. According to the report, the malware sometimes installs a keylogger as well; however, its functionality is unknown. Malwarebytes detects the malware as “Ransom.OSX.EvilQuest”, and infected files can be recovered from a previous backup.

We advise users to steer clear of pirated apps for Mac since they can carry similar ransomware or other malware.
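
The installer described above shipped a postinstall script and an extra executable alongside the real app. As an added example (not from Malwarebytes or this article's author), the shell functions below list the install scripts and the loose payload executables in a package that has already been expanded with `pkgutil --expand-full`; the function names, `Suspect.pkg`, `/tmp/expanded` and the sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: review what a macOS installer package would run and drop,
# before installing it. Expand the package first on macOS (nothing in it
# is executed by this step); both names below are placeholders:
#   pkgutil --expand-full Suspect.pkg /tmp/expanded

# Scripts that Installer runs automatically, by their conventional names.
find_pkg_scripts() {
    find "$1" -type f \( -name preinstall -o -name postinstall \
        -o -name preflight -o -name postflight \) | sort
}

count_pkg_scripts() { find_pkg_scripts "$1" | wc -l | tr -d ' '; }

# Show the lines in each script that move, chmod or launch something.
review_pkg_scripts() {
    find_pkg_scripts "$1" | while IFS= read -r script; do
        echo "== $script"
        grep -nE '(^|[^[:alnum:]_])(chmod|mv|cp|open|launchctl|nohup)[[:space:]]|&[[:space:]]*$' "$script" \
            || echo "   (no matching lines; read the whole script)"
    done
}

# Executable files in the payload that are not inside an .app bundle,
# such as a stray binary shipped next to the real application.
find_loose_executables() {
    find "$1" -type f -perm -100 -path '*/Payload/*' ! -path '*.app/*' | sort
}

# Constructed sample layout for trying the functions offline (empty, harmless files).
make_sample_pkg() {
    p="$1/Sample.pkg"
    mkdir -p "$p/Scripts" "$p/Payload/Applications/Demo.app/Contents/MacOS" "$p/Payload/extras"
    printf '#!/bin/sh\nmkdir -p /tmp/demo\nchmod +x ./Patch\n./Patch &\n' \
        > "$p/Scripts/postinstall"
    : > "$p/Payload/Applications/Demo.app/Contents/MacOS/Demo"
    : > "$p/Payload/extras/Patch"
    chmod +x "$p/Payload/Applications/Demo.app/Contents/MacOS/Demo" \
        "$p/Payload/extras/Patch"
}

# Review a directory passed on the command line, if one was given.
if [ -n "${1:-}" ]; then
    review_pkg_scripts "$1"
    find_loose_executables "$1"
fi
```

A package can declare install scripts under other file names, so an empty result is a reason to read the expanded package's metadata, not proof that nothing runs.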

Charanjeet Singh

Charanjeet owns an iPhone but his love for Android customization lives on. If you ever ask him to choose between an iPhone, Pixel or Xiaomi; better if you don't.