In recent days a new ransomware called EvilQuest has been discovered that hides inside pirated apps. The malware encrypts the files on the computer so that they cannot be opened unless a fee is paid, at least in theory.
Ransomware, the malware that demands a ransom
Ransomware is a malicious program that "hijacks" the files on a computer and demands a ransom before the user can get them back. Before showing the ransom note, it encrypts as much content as it can with a randomly generated key, and that key is needed to regain access to the files.
EvilQuest is the latest ransomware variant capable of affecting Mac computers, discovered on the Internet by Malwarebytes. The discovery originated in a Russian forum where a pirated (free) copy of the Little Snitch app was being offered.
The pirated app comes in a generic installer that, besides installing Little Snitch, drops a small executable called Patch into /Users/Shared and runs a post-installation script that activates the malware. The script moves the Patch file to a new location and renames it CrashReporter, the name of a legitimate component on Mac computers, so that it blends in. From there Patch installs itself into several locations on the computer.
The ransomware can encrypt a large number of files on the computer, including configuration files and keychain files, so the iCloud keychain becomes inaccessible and the Finder throws constant errors. After the attack, the ransomware asks for $50 to decrypt the files, although, according to Malwarebytes, the files are not decrypted even if the amount is paid.
On top of that, the malware also installs a keylogger, a small program that records every keystroke on the computer. That gives the attacker access to passwords, bank details and other information, although, so far, what is done with this data is unknown.
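The behaviour described above (a payload staged in /Users/Shared, then moved and renamed by a post-installation script) is something you can look for before you run an installer. The script below is an added example, not code from the article or from Malwarebytes: it walks an expanded .pkg directory (assumed to be the output of `pkgutil --expand-full`, or of `pkgutil --expand` with the Scripts archive unpacked) and greps its preinstall/postinstall scripts for the dropper patterns named in the article plus the usual persistence commands. The sample package it builds is constructed for the demo and is not the real EvilQuest script.

```shell
#!/bin/sh
# Added example (not from the original article or from Malwarebytes):
# audit the install scripts of an expanded macOS .pkg before running it.
# Assumption: the directory passed in is a package expanded with
# `pkgutil --expand-full` (or `pkgutil --expand` plus unpacking the Scripts
# archive), so its preinstall/postinstall scripts exist as plain files.
# The patterns are heuristics taken from the dropper behaviour described in
# the article; a hit means "read this script by hand", not "this is malware".

audit_pkg_scripts() {
    pkgdir="$1"
    hits=0
    # every pre/postinstall script in the expanded package
    for script in $(find "$pkgdir" -type f \( -name preinstall -o -name postinstall \)); do
        echo "== $script"
        # /Users/Shared                : payload staged in a world-writable directory
        # CrashReporter                : payload renamed after a legitimate Apple component
        # LaunchDaemons/LaunchAgents,
        # launchctl                    : persistence being installed
        # chmod +x, chown root         : a dropped binary being armed
        for pat in '/Users/Shared' 'CrashReporter' 'LaunchDaemons' 'LaunchAgents' \
                   'launchctl' 'chmod +x' 'chown root'; do
            if grep -n -- "$pat" "$script"; then
                hits=$((hits + 1))
            fi
        done
    done
    echo "suspicious lines: $hits"
    [ "$hits" -eq 0 ]   # success only when nothing matched
}

# Constructed package layout whose postinstall mimics the behaviour the
# article describes (made up for this demo, not the real script).
make_sample_pkg() {
    dir=$(mktemp -d)
    mkdir -p "$dir/Scripts"
    cat > "$dir/Scripts/postinstall" <<'EOF'
#!/bin/sh
# constructed sample: move the dropped binary and hide it under an Apple-like name
mv /Users/Shared/Patch /Library/CrashReporter
chmod +x /Library/CrashReporter
/Library/CrashReporter &
EOF
    echo "$dir"
}

# Constructed benign layout for comparison: a postinstall that only logs.
make_benign_pkg() {
    dir=$(mktemp -d)
    mkdir -p "$dir/Scripts"
    cat > "$dir/Scripts/postinstall" <<'EOF'
#!/bin/sh
echo "installed $(date)" >> "$HOME/Library/Logs/MyApp-install.log"
EOF
    echo "$dir"
}

# Demo run on the constructed sample.
sample=$(make_sample_pkg)
if audit_pkg_scripts "$sample"; then
    echo "no suspicious install scripts in $sample"
else
    echo "review $sample by hand before installing"
fi
rm -rf "$sample"
```

For a real package, run `pkgutil --expand-full Installer.pkg /tmp/pkg` on the Mac and pass `/tmp/pkg` to `audit_pkg_scripts`; a clean result does not prove the installer is safe, it only means the scripts do not contain the obvious tells.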
Is my Mac safe?
Faced with this kind of attack, what can we do? A great deal. The security of our computer depends on how we use it. Malicious applications of this kind cannot affect a computer without the user's consent. Here, consent means downloading an app from an untrustworthy source and typing the computer's password during installation, which hands the installer administrator rights, so the ransomware meets little resistance.
The precautions to take are simple. The first and most important: never install an app except from trusted sources such as the App Store or the websites of trusted companies (Adobe, Microsoft, etc.). The second is to keep a backup of your data, for which Time Machine is especially useful; keep the backup disk disconnected when it is not in use, since a backup that is permanently mounted can be encrypted along with everything else.
App piracy, i.e. using paid apps without paying for them, is a practice that is increasingly rare, but it is still one of the main ways malware gets onto devices.