A new piece of macOS ransomware has been spotted in the wild pretending to be a Google Software Update app. Thomas Reed from Malwarebytes says it has been found in pirated versions of “popular macOS software.”
OSX.EvilQuest
Mr. Reed found it inside a pirated Mac tool called Little Snitch. Another one was found in DJ software Mixed In Key 8, which is what Objective-See covered. The latter installer was unsigned. This is good so far, because it means you won’t be automatically infected (at least with this sample).
Not only does OSX.EvilQuest encrypt the machine’s files, it also installs a keylogger to monitor what you type, and steals cryptocurrency wallet files if they are present on the system. Even if you paid the ransom, the attackers could still wreak havoc.
Mr. Reed said that Malwarebytes has been updated to detect and stop OSX.EvilQuest. Objective-See also has a ransomware detection tool.
I’d really like if TMO reviewed and compared Ransomeware packages.