Mac users are now exposed to a new 'ThiefQuest' ransomware that encrypts files and causes multiple issues with the operating system. Malwarebytes has analyzed the ransomware today, which is being distributed through macOS pirate apps.
Mac App Store Malwarebytes
The malicious code was first found in a pirate copy of the Little Snitch app available on a Russian forum with torrent links. The downloaded app comes with a PKG installer file, unlike its original version. Python editor mac.
By examining this PKG file, Malwarebytes discovered that the app comes with a 'postinstall script,' which is typically used to clean up the installation after the process is completed. In this case, however, the script implements malware in macOS.
The script file is copied to a folder related to the Little Snitch app under the name CrashReporter, so the user won't notice it running in the Activity Monitor since macOS has an internal app with a similar name. The set location is: /Library/LittleSnitchd/CrashReporter. Share applications between macs.
Malwarebytes notes that it takes some time before the ransomware starts working after it's installed, so the user won't associate it with the latest app installed. Once the malicious code is activated, it modifies the system and user files with unknown encryption.
Which is why human App Reviewers ensure that the apps on the App Store adhere to our strict app review standards. Our App Store Review Guidelines require apps to be safe, provide a good user experience, comply with our privacy rules, secure devices from malware and threats, and use approved business models. For this reason, and because the older Malwarebytes Anti-Malware for Mac app can coexist with Malwarebytes for Mac, you can keep both apps indefinitely. When the user is ready to remove Malwarebytes Anti-Malware for Mac, he/she can uninstall it by opening that app and choosing the Uninstall option from the Help menu. It also includes Mac adware, and potentially unwanted programs. All of these contribute to an increased risk for Macs. Even the Mac App Store has suffered a tidal wave of scam software. Go to any Mac forum these days and it won't take you five minutes to find someone suffering from some kind of malicious threat. MalewareBytes is absolutely safe for Macs. It is a tool formerly called AdwareMedic that was written by a security specialist named Thomas Reed who is a respected member of the Apple Support Communities. Tom recently joined the MalewareBytes team. His software is very safe and a very powerful tool to keep your Mac clean of adware and malware. Malwarebytes is an anti-malware program that is compatible with major operating systems like Windows, Android, Chrome OS, etc. It works better than most software because of its proactive approach.
Uninstall Malwarebytes On Mac
Part of the encryption causes the Finder not to work properly and the system crashes constantly. Even the system's Keychain gets corrupted, so it's impossible to access passwords and certificates saved on the Mac. A message on the screen says the user must pay $50 to recover its files, otherwise everything will be deleted after three days.
There's still no way to get rid of malware after it has encrypted the files without formatting the entire disk, so users should keep an updated backup of everything.
The best way of avoiding the consequences of ransomware is to maintain a good set of backups. Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)
Although the ransomware is only included with pirated apps for now, Apple must fix this security flaw as quickly as possible since this malicious code can be included in more apps distributed outside the App Store.
Download Malwarebytes Mac
You can read more technical details about ThiefQuest on Malwarebytes' website.
Update: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name is ThiefQuest.
Malwarebytes Mac App Store Windows 10
FTC: We use income earning auto affiliate links.More.
