New Ransomware ‘OSX.EvilQuest’ Found in Pirated Mac Software

Apple Warns iPhone Users About "Mercenary Spyware Attacks" in 98 Countries

A new piece of macOS ransomware has been spotted in the wild pretending to be a Google Software Update app. Thomas Reed from Malwarebytes says it has been found in pirated versions of “popular macOS software.”

OSX.EvilQuest

Mr. Reed found it inside a pirated Mac tool called Little Snitch. Another one was found in DJ software Mixed In Key 8, which is what Objective-See covered. The latter installer was unsigned. This is good so far, because it means you won’t be automatically infected (at least with this sample).

This message will appear once your files have been encrypted
Credit: Objective-See. This message will appear once your files have been encrypted

Not only does OSX.EvilQuest encrypt the machine’s files, it also installs a keylogger to monitor what you type, and steals cryptocurrency wallet files if they are present on the system. Even if you paid the ransom, the attackers could still wreak havoc.

Mr. Reed said that Malwarebytes has been updated to detect and stop OSX.EvilQuest. Objective-See also has a ransomware detection tool.

One thought on “New Ransomware ‘OSX.EvilQuest’ Found in Pirated Mac Software

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!