News & Analysis

Macbook Users Beware: EvilQuest is Out There

In case you’re a Macbook user, please carry on reading this article as it may save your data, your job as well as your life – and not necessarily in that order. A new piece of ransomware that is being distributed by pirate macOS apps is doing the rounds. 

Dubbed EvilQuest, the ransomware is targeting macOS users across the world, which makes it quite a unique instance in the rather secure world of Mac users. And what does it do? Well, we hear that this malicious software encrypts user files and then asks users to pay up to unlock. Security researchers at MalwareBytes are warning that the ransomware is quite a nasty one. 

What the Devil is this?

First spotted by independent malware researcher Dinesh Devadoss, EvilQuest has apparently been circulating for close to a month now. And as it went about messing up Macs and making money out of user helplessness, the malware also added a keylogger and a reverse shell on the system besides a code that could steal cryptocurrency wallet files. 

The malware, which was first located on a pirated copy of the Little Snitch app from a Russian forum, comes with a PKG installer file unlike its original version from a month ago. Researchers at Malwarebytes say they figured out the presence of a postinstall script that cleans up any installations after the process is complete. 

Malwarebytes says it takes some time before the ransomware starts working after it’s installed, so the user won’t associate it with the latest app installed. Once the malicious code is activated, it modifies system and user files with unknown encryption. A part of this causes the Finder to malfunction and regular crashes of the system. Even the Keychain gets corrupted which makes it well-nigh impossible to access passwords and certificates that users may have saved. 

And this is the moment when the screen displays the ransom demand that could be as low as $50 dollars with a further message that users have up to three days to pay up or face the real possibility of their data being wiped clean. Malwarebytes says that users should keep an updated backup of their data at all possible times as once installed, there is no way to rid the system of the malware, but clean it up. 

How does one escape? 

The best way to avoid the malware is to ensure that you backup the Mac regularly, which I just did while writing this piece. In fact, Malwarebytes suggests that it may be a good idea to keep two backup copies of all important data, of which one should be kept away from the Mac at all times, since ransomware can attempt to encrypt or damage backups connected to drives. 

Now, we are looking up to Apple to fix this security issue as quickly as possible since the same malicious code could get added into more apps. Currently, it is only being spread through one app and we definitely would like readers to remove Little Snitch in case they’ve it on their Mac. 

Image Source:

Leave a Response