Dangerous ransomware threatens Macs

Macs are no longer spared by malware, including the most dangerous kind, ransomware. The proof is ThiefQuest, ransomware coupled with spyware that steals your passwords before asking for a ransom.

Contrary to what their aficionados may believe, Macs are not immune to malware. The number of viruses targeting Macs is clearly increasing in proportion to the popularity of Apple computers. In fact, in 2019, according to a Malwarebytes report, Macs were the most affected by adware and potentially malicious software.

The fault lies with this false impression of immunity and the absence of an antivirus solution. Today it is the most destructive category of malware that is hitting them, for the second time in four years: ransomware. Dinesh Devadoss, a security researcher at K7 Lab, discovered one of these malware programs, which specialize in encrypting data for ransom, on forums and torrents.

Both spyware and ransomware

Called OSX.ThiefQuest, it is embedded in rogue installers of programs popular with Mac users. It can be found in pirated versions of popular software, such as Ableton Live, Mixed In Key, or the Little Snitch firewall. The concern is that this ransomware slips through the cracks of any antivirus solution that may be installed.

It is during the software installation process, when the user grants elevated privileges, that the ransomware manages to install itself. Once in place, the malware takes its time before encrypting the contents of the disk. And for good reason! First, it starts a powerful and discreet keylogger that allows it to steal user passwords, bank card numbers and any virtual currency wallets.

In this sense, the code first behaves like spyware before launching a second attack, encryption, to collect more money. The researchers also found that OSX.ThiefQuest cleverly fools antivirus protection and that it acts. As always with ransomware encryption, nothing guarantees that paying the requested ransom will bring the data back. It is better to rely on very regular backups.