With most computer users running Windows, it’s extremely rare to see malware tailored specifically for macOS. But a new one, known as EvilQuest, has been spotted in the wild. While it is primarily ransomware, it does a number of other things as well.
Patrick Wardle, Principal Security Researcher at Jamf, says this malware allows a hacker to get full control over an infected machine. In addition to encrypting a victim’s files, EvilQuest installs a keylogger and a reverse shell, and it also steals cryptocurrency files. This means paying a ransom is the least of a victim’s worries.
EvilQuest is a relatively new piece of malware that has been distributed since the start of June. It was found hidden inside pirated macOS software on torrent sites and online forums, so anyone torrenting pirated software is at risk. It also acts fast, beginning the encryption process the moment it is executed. Once the encryption process ends, it immediately starts installing its other components.
Considering the transmission vector, you should be safe from EvilQuest if you steer clear of pirated software. There is also an open-source app called RansomWhere? that can detect and stop ransomware attacks on macOS machines.