Although ransomware that specifically targets Mac users is extremely rare, many researchers have warned about the recently discovered OSX.EvilQuest. ZDNet reported that independent researcher Dinesh Devadoss was the first to publicly flag it, and he believes EvilQuest has been circulating in the wild since June 2020. In addition to maliciously encrypting files and demanding a ransom, it installs a keylogger on the victim's macOS system, along with code that steals cryptocurrency wallet files.
(Photo: Patrick Wardle)
Patrick Wardle, a former NSA hacker who is now a macOS security researcher at Jamf, points out that this combination lets the attackers take full control of the infected host.
Like much Mac malware before it, EvilQuest appears to be distributed through pirated-software channels, bundled with cracked copies of applications such as the DJ software Mixed In Key and the security tool Little Snitch.
The ransomware also tries to pass itself off as Google Chrome's update mechanism: Thomas Reed of Malwarebytes adds that it was even found in a package called Google Software Update.
The malware's authors apparently want to remain on infected computers for a long time. For macOS users, this is another ransomware threat following Patcher in 2017 and KeRanger in 2016.
To avoid getting infected with EvilQuest, it is recommended that you stay away from pirated-software torrent sites and obtain software only from the Mac App Store or trusted third-party developers.
In addition, Wardle offers a free, open-source tool called "RansomWhere?" that helps macOS users detect and stop ransomware lurking on the system.
Finally, the recently updated Malwarebytes software can also detect and remove EvilQuest before it causes damage.