A new piece of ransomware is targeting macOS users who download installers for leading applications via torrent files.
The new ransomware, known as EvilQuest, was first spotted by Dinesh Devadoss, a K7 Lab malware researcher. Research reveals that EvilQuest has been quite active since the beginning of June 2020. Malware research firms such as Malwarebytes also found the ransomware attached to pirated macOS software distributed mainly via torrent sites and warez forums.
Same Static Bitcoin [BTC] Address Used In Every Documented Attack
EvilQuest asks its victims to pay a ransom via the same static Bitcoin [BTC] address in every documented attack. One of the primary signs that EvilQuest has deployed an attack is that the macOS Finder freezes. Once file encryption is complete, a document is generated with ransom instructions.
Explaining further, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, added that EvilQuest is unlikely to be anything other than a very small-scale threat:
“The fact that Macs have a comparatively small market share means they’re not a very attractive target for ransomware groups and they’re unlikely to take a position significant resources in targeting Mac users.”
Ransom Demanded By Attackers
Research also reveals that the typical ransom demanded by the attackers is $50 USD worth of BTC. Victims are usually given a deadline of 72 hours to pay. Callow adds:
“That said, a threat is a threat and it’s something Mac users should always remember. Thankfully, as this ransomware appears to be targeted exclusively via pirated software, it’s very easily avoided just by not using pirated software. That holds true whether you’re a Mac user or a Windows user: pirated software and cracks are the first distribution method for the kinds of ransomware that focus on home users.”