In recent days a new ransomware called EvilQuest has been discovered hiding inside pirated apps. This malware encrypts the files on the computer so that they are inaccessible unless a sum is paid, at least in theory.
Ransomware, the malware that asks for ransoms
Ransomware is a malicious program that "hijacks" the files on a computer and demands a ransom before the user can recover them. Before the ransom notice appears, the ransomware encrypts all the content it can reach with a random key, and that key is required to regain access to the files.
EvilQuest is the latest ransomware variant capable of affecting Mac computers that Malwarebytes has discovered on the internet. The discovery originated in a Russian forum where a pirated (free) version of the Little Snitch app was being offered.
The cracked app is offered in a generic installer that, in addition to installing Little Snitch, drops a small executable called Patch in the path /Users/Shared together with a post-installation script that activates the malware. The script moves the Patch file to a new location and renames it CrashReporter, a common name on Mac computers. From there, Patch installs copies of itself in various locations on the computer.
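As an added example (not code from the article or from Malwarebytes), the following audit flags the two artefacts the infection chain above leaves in /Users/Shared: a file named Patch or CrashReporter, and, as an assumption of this example, any other executable dropped in that shared directory. It runs over a constructed listing so it can be tried offline, and `audit_live()` applies the same check to the real directory on a Mac.

```python
import os
import stat

# Drop location and file names come from the article; treating any other
# executable in /Users/Shared as suspicious is this example's own assumption.
SHARED_DIR = "/Users/Shared"
SUSPECT_NAMES = {"Patch", "CrashReporter"}


def classify(path, mode):
    """Return a reason string if (path, mode) matches the dropped component, else None."""
    directory, name = os.path.split(path)
    if directory != SHARED_DIR:
        return None
    if name in SUSPECT_NAMES:
        return f"{name} dropped in {SHARED_DIR}"
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return f"unexpected executable {name} in {SHARED_DIR}"
    return None


def audit(entries):
    """entries: iterable of (path, st_mode) tuples; returns a list of (path, reason) hits."""
    hits = []
    for path, mode in entries:
        reason = classify(path, mode)
        if reason:
            hits.append((path, reason))
    return hits


def audit_live():
    """Audit the real /Users/Shared on a Mac; returns an empty list elsewhere."""
    entries = []
    if os.path.isdir(SHARED_DIR):
        for name in os.listdir(SHARED_DIR):
            full = os.path.join(SHARED_DIR, name)
            if os.path.isfile(full):
                entries.append((full, os.stat(full).st_mode))
    return audit(entries)


# Constructed sample listing (not real data): the two dropped files plus benign entries.
SAMPLE = [
    ("/Users/Shared/Patch", 0o100755),
    ("/Users/Shared/CrashReporter", 0o100755),
    ("/Users/Shared/notes.txt", 0o100644),
    ("/Applications/Example.app/Contents/MacOS/Example", 0o100755),
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"SUSPECT {path}: {reason}")
```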
This ransomware is capable of encrypting large numbers of files on the computer, including configuration files and keychain files, which makes the iCloud keychain inaccessible and causes the Finder to throw errors constantly. After the attack the ransomware requests $50 to decrypt the files, although, according to Malwarebytes, the files are not decrypted even when the amount is paid.
As if that were not enough, the malware also installs a keylogger, a small application that records every keystroke on the computer. Such an attack can capture passwords, bank details and other information, although, for now, it is unknown what is done with these data.
Is my Mac safe?
In the face of this kind of attack, what can we do? Everything. The security of our computer depends on how we use it. This class of malicious application cannot affect a computer without consent. In this case, the consent consists of downloading an app from an untrusted source and, on top of that, entering the computer's password during installation, so the ransomware meets little resistance.
The precautions to take are simple. The first and most important is to never install an app except from trusted sources such as the App Store or the websites of trusted companies (Adobe, Microsoft, etc.). The second is to keep a backup of your data, for which Time Machine is especially useful.
App piracy, that is, using paid apps for free, is a practice that is increasingly falling into disuse, but it is still the main route by which malware enters devices.