Dinesh Devadoss, an independent malware researcher, discovered a ransomware strain targeting macOS users. He tweeted his findings recently and believes that this “OSX.EvilQuest” ransomware has been circulating in the wild since the start of June 2020.
EvilQuest reportedly has the ability to take full control of the infected host. Besides its ransomware behaviour, this macOS-targeting malware reportedly installs a keylogger and a reverse shell on the infected system, which are used to steal cryptocurrency wallet files.
The pop-up window shown below appears to the victim once the encryption finishes.
Below is a screenshot of the ransom note that the attackers leave on the victim’s desktop.
The researcher details that this ransomware can encrypt files with the following extensions: .pdf, .doc, .jpg, .txt, .pages, .pem, .cer, .crt, .php, .py, .h, .m, .hpp, .cpp, .cs, .pl, .p, .p3, .html, .webarchive, .zip, .xsl, .xslx, .docx, .ppt, .pptx, .keynote, .js, .sqlite3, .wallet, .dat
Once the encryption has ended, the ransomware installs a keylogger to record the victim’s keystrokes and a reverse shell that lets the attacker connect to the infected host and run commands. Researchers have also observed that this ransomware can modify files specific to Google Chrome’s update mechanism.
It appears that this ransomware is hidden inside pirated macOS software distributed on torrent portals and other online forums. Other researchers discovered EvilQuest in pirated versions of the DJ app Mixed In Key and the security tool Little Snitch. These were the reported sources of the EvilQuest ransomware, but researchers believe that the attackers are distributing it more broadly in the wild.
Mitigate the EvilQuest Ransomware
As this ransomware appears to be distributed solely via torrent websites and pirated software, protect yourself by sticking to legitimate sources such as the Mac App Store and developers’ own sites to prevent your Mac from getting infected.
It is also best to keep your guard up at all times by backing up your essential files. Having proper, up-to-date Mac antivirus software will also help prevent you from becoming a victim of EvilQuest.
Victims of this ransomware may consult the EvilQuest ransomware manual removal guide for Mac, which gives step-by-step instructions for removing EvilQuest.