“EvilQuest”: macOS Users Facing A New Ransomware


Researchers have found a ransomware strain named EvilQuest that exclusively targets Apple machines running macOS. The encrypting malware appears to be a unique strain, different from previous malware seen on macOS or any other operating system. Here’s everything you need to know about it:

What is EvilQuest?


EvilQuest, or OSX.EvilQuest, is a ransomware strain that is being bundled with pirated macOS applications. The ransomware threatens users’ control over their Mac as well as their access to files and folders. EvilQuest gets installed on the Mac along with the pirated app it came with and then encrypts the victim’s files and folders, blocking access to them.

The new strain has an extra twist that makes it even more dangerous. Researchers have found that EvilQuest installs a keylogger on the system, which lets the attacker record every keystroke the user types. The strain also installs a reverse shell. A reverse shell establishes a remote connection from the victim’s Mac to the attacker’s machine, giving the attacker full control over the computer.

Hence, even if you’ve paid the ransom, the attacker can continue to access your files and keep recording your keystrokes, retaining full authority over the infected computer.


How was EvilQuest Discovered?

EvilQuest has been found in multiple software packages and installers, which makes it difficult to pin down the first attack. It is believed that the strain had been in distribution for more than a month before its discovery.

(Image source: ZDNet)

One of the first known sources of infection is a pirated version of an app called Little Snitch. It’s a firewall application designed for macOS users, offering them network protection. The app itself is highly regarded, but when you opt for a pirated copy, you take on risks you never signed up for. 

The strain ships as a PKG installer file inside the pirated Little Snitch package. The PKG file carries a “post-install script” that contains the malware. Upon installation, the script is copied to a location on your Mac – /Library/LittleSnitch/CrashReporter. Some time later, the malware code activates and starts encrypting files. 


EvilQuest is Thriving On Torrenting

The EvilQuest ransomware strain relies entirely on torrenting to spread. Users often download software packages and applications from third-party app stores, online portals and torrent links to get a premium version for free without actually buying the software. EvilQuest is mostly found attached to such downloads for software packages like Little Snitch.

Torrenting is always risky, and users tend to think they dodge those risks by using a VPN service. However, a VPN offers no protection against a ransomware payload bundled in the download. It is recommended not to use pirated versions of such software packages on Mac or any other operating system. 

How Does EvilQuest Work?

Here’s a summary of how EvilQuest takes control of your Mac if you are attacked:

– Upon installation and activation of the malware code, the files and folders on the victim’s Mac are encrypted, followed by a warning about the encryption.

– The user is then directed to a ransom note on the desktop, like the one in the image below:

[Image: EvilQuest ransom note]

– A keylogger is installed, which lets the attacker record all keystrokes.

– A reverse shell then gives the attacker a connection to the infected Mac and the ability to run arbitrary commands on it.

– The ransomware strain looks explicitly for files associated with cryptocurrency wallet applications, such as wallet.png, wallet.pdg, etc., thus putting your crypto wallets at risk.

What Files are Prone to Threat Associated with EvilQuest?

Here is the list of file extensions that are encrypted by EvilQuest:

.pdf, .doc, .jpg, .txt, .pages, .pem, .cer, .crt, .php, .py, .h, .m, .hpp, .cpp, .cs, .pl, .p, .p3, .html, .webarchive, .zip, .xsl, .xslx, .docx, .ppt, .pptx, .keynote, .js, .sqlite3, .wallet, .dat
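The following triage helpers are an added example, not code from the article or from any vendor: they turn the drop location named in the Little Snitch section and the extension list above into checks a defender can run. The Scripts/postinstall layout is assumed to be the standard macOS flat-package layout that `pkgutil --expand` produces, and the keyword heuristic in `review_install_scripts` is a constructed aid for manual review, not a malware detector.

```python
"""Defensive triage helpers based on the EvilQuest behaviour described in this article.
Assumed (not from the article): Scripts/postinstall is the standard macOS flat-package
layout; REVIEW_KEYWORDS is a constructed heuristic for manual review, not detection."""
import os
from pathlib import Path
from typing import Dict, List, Tuple

# Extensions the article lists as EvilQuest encryption targets.
TARGET_EXTENSIONS = {
    ".pdf", ".doc", ".jpg", ".txt", ".pages", ".pem", ".cer", ".crt", ".php", ".py",
    ".h", ".m", ".hpp", ".cpp", ".cs", ".pl", ".p", ".p3", ".html", ".webarchive",
    ".zip", ".xsl", ".xslx", ".docx", ".ppt", ".pptx", ".keynote", ".js", ".sqlite3",
    ".wallet", ".dat",
}
# Location the article names for the dropped post-install script.
INDICATOR_PATHS = ["/Library/LittleSnitch/CrashReporter"]
# Installer-script lines worth a human look (constructed heuristic, not a signature).
REVIEW_KEYWORDS = ("/Library/", "chmod +x", "launchctl", "nohup")


def count_at_risk_files(root: str, extensions=TARGET_EXTENSIONS) -> Dict[str, int]:
    """Count files under root whose extension is on the target list, per extension."""
    counts: Dict[str, int] = {}
    for _dirpath, _dirs, names in os.walk(root):
        for name in names:
            ext = Path(name).suffix.lower()
            if ext in extensions:
                counts[ext] = counts.get(ext, 0) + 1
    return counts


def find_indicators(root: str = "/") -> List[str]:
    """Return the indicator paths present below root (root lets you scan a mounted image)."""
    return [p for p in INDICATOR_PATHS if os.path.exists(os.path.join(root, p.lstrip("/")))]


def review_install_scripts(expanded_pkg: str) -> List[Tuple[str, int, str]]:
    """Flag lines in an expanded PKG's pre/postinstall scripts that touch /Library or
    start background jobs, as (script, line number, line) for manual review."""
    findings: List[Tuple[str, int, str]] = []
    for script in ("preinstall", "postinstall"):
        path = Path(expanded_pkg) / "Scripts" / script
        if not path.is_file():
            continue
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            if any(keyword in line for keyword in REVIEW_KEYWORDS):
                findings.append((script, lineno, line.strip()))
    return findings
```

Point `count_at_risk_files` at a home directory to see how much of it the listed extensions cover, and run `review_install_scripts` on the output of `pkgutil --expand some.pkg outdir` before installing a package from an untrusted source.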

Use A Reliable Security Software For Mac To Ensure Top-Notch Privacy & Protection

To ensure that your Mac is free of any malware or privacy threat, you can use an efficient Mac protection suite called Kaspersky Total Security. It is incredible security software designed to ensure your Mac is protected from all kinds of vulnerabilities and threats. The application consists of built-in modules to run automatic scans and detect malware traces as well as traces jeopardizing user privacy on your Mac.

Talking about the graphics interface, Kaspersky offers a user-friendly and intuitive dashboard, so that both novices and experienced users can effortlessly use the software. The main window has all the functionalities properly categorized so that you can use tools like Backup, Parental Controls, and so on.


Here are the major highlights of using Kaspersky Total Security for Mac: 

  • Provides excellent malware protection.
  • Comes with a top-notch password manager.
  • Has Parental Control features.
  • Has all-new stalkerware protection functionality.
  • Uses light-to-moderate system resources only.
  • Provides a dedicated Game Mode feature.
  • Comes with a File Encryption feature.
  • Comes with Anti-Theft functionality.
  • Has a dedicated file shredder feature to permanently delete files.

Latest Version: 21.3.10.391
Language Support: English, German, French, etc.
Price: $49.99 for 5 Devices/1 Year
Free Trial Period: 30 Days
File Size: 2.7 MB
Memory: 1 GB (32-bit) or 2 GB (64-bit)
License: Trial Version, Subscription-Based
Disk Space: 1500 MB free space

If you are using any other Security and Protection Software for Mac, do let us know your suggestions in the comments section below. Also, do not forget to share your experience if you’ve been a target of EvilQuest or OSX.EvilQuest Ransomware strain.
