A new ransomware known as EvilQuest is targeting macOS users, this dangerous ransomware targets home users rather than companies. Most especially users who download installers for popular apps via torrent.
The malware is a ransomware which encrypts the files on a victim computer until a ransom is paid it comes in variant with the other one a spyware that looks up users valuable information and then send it to remote servers of the malware developers.
The EvilQuest attack was first discovered on the dark web in a research funded by Fortinet and AlienVault. The Ransomware was also researched by Dinesh Devadoss, a K7 Lab malware researcher. Dinesh Devadoss findings shows that EvilQuest has been active since the beginning of June 2020. Malware lab firms, like Malwarebytes, have found the ransomware attached to pirated macOS software distributed mainly through warez forum and torrent sites.
McAfee also did conducted a separate investigation on the recently discovered Mac ransomware and they admitted that the focus of ransomware developers has now shifted from Windows PC to Apple’s Mac computers these days because it seems like the hackers have learnt that Mac PC users store much more valuable information than Window users which is a hidden treasure when exploited through proper channels. McAfee report also says that there are about 450,000 malicious programs aimed at Macs on the dark web and over 23 million targeting Windows users.
The ransomware when scanned appears to be undetected by Anti-virus programs as seen below
EvilQuest Ransomware uses same BTC address to collect Payment
The deadly apple ransomware, EvilQuest asks it’s victims to pay a ransom through the same Bitcoin (BTC) address in every attack. One of the first signs that EvilQuest has began attack is that MacOS Finder freezes. Once the file encryption has been completed, a text file is generated with instructions on how to pay the ransom.
More details are coming soon.